From David1 at suescornerweb.com Sat Jan 1 03:29:18 2005 From: David1 at suescornerweb.com (David 1) Date: Sat Jan 1 03:30:12 2005 Subject: [SC-Help] I bounced ???? Message-ID: Is there a way I could see that bounce report or someone tell me how I bounced I don't have a quota not that it maters because I usually download my mail a min of every 5 hours when not on line & every 10 min. when I am on line & since I usually log over 20K min a month I'm on line quite a bit. I'm just curious how I bounced not upset just don't see it being because of quota -- David 1 bad addy spamtrap@suescornerweb.com From nobody at spamcop.net Sat Jan 1 11:27:42 2005 From: nobody at spamcop.net (Ellen) Date: Sat Jan 1 11:30:04 2005 Subject: [SC-Help] Re: I bounced ???? References: Message-ID: "David 1" wrote in message news:cr5n1c$qtr$1@news.spamcop.net... > Is there a way I could see that bounce report or someone tell me how I > bounced I don't have a quota not that it maters because I usually > download my mail a min of every 5 hours when not on line & every 10 min. > when I am on line & since I usually log over 20K min a month I'm on line > quite a bit. I'm just curious how I bounced not upset just don't see it > being because of quota > -- > > David 1 > bad addy > spamtrap@suescornerweb.com Write to service@admin.spamcop.net and include your registered SpamCop email address. Ellen From David1 at suescornerweb.com Sat Jan 1 12:26:43 2005 From: David1 at suescornerweb.com (David 1) Date: Sat Jan 1 12:30:03 2005 Subject: [SC-Help] Re: I bounced ???? In-Reply-To: References: Message-ID: Ellen wrote: > "David 1" wrote in message > news:cr5n1c$qtr$1@news.spamcop.net... > >>Is there a way I could see that bounce report or someone tell me how I >>bounced I don't have a quota not that it maters because I usually >>download my mail a min of every 5 hours when not on line & every 10 min. >>when I am on line & since I usually log over 20K min a month I'm on line >>quite a bit. I'm just curious how I bounced not upset just don't see it >>being because of quota >>-- >> >>David 1 >>bad addy >>spamtrap@suescornerweb.com > > > Write to service@admin.spamcop.net and include your registered SpamCop email > address. > > Ellen > > I did & I thank ya! -- David 1 bad addy spamtrap@suescornerweb.com From autoreply at funchords.com Sat Jan 1 11:24:15 2005 From: autoreply at funchords.com (Robb Topolski) Date: Sat Jan 1 14:25:02 2005 Subject: [SC-Help] False Spamcop Positives on Yahoogroups Messages (66.94.237.42) Message-ID: SC Deputies or Power Users: The following message was identified by the bl.spamcop.net ... I'm wondering if it was tagged by mere volume (which should be inappropriate), or if someone was indeed abusing this IP. I thought there used to be a way of looking at some rudimentary evidence file, but either it's gone or hard to find. Thanks for any pointers. Example Headers and Body of the False Postive Snipped below: Received: from n8a.bulk.scd.yahoo.com ([66.94.237.42]) by sccrmxc24.comcast.net (sccrmxc24) with SMTP id <20__________________33de>; Sat, 1 Jan 2005 17:12:19 +0000 X-Originating-IP: [66.94.237.42] Received: from [66.218.69.5] by n8.bulk.scd.yahoo.com with NNFMP; 01 Jan 2005 17:12:18 -0000 Received: from [66.218.66.30] by mailer5.bulk.scd.yahoo.com with NNFMP; 01 Jan 2005 17:12:18 -0000 X-Yahoo-Newman-Property: groups-mod X-Sender: notify@yahoogroups.com X-Apparently-To: mygroup-owner@yahoogroups.com Received: (qmail 68567 invoked by uid 7800); 1 Jan 2005 17:12:18 -0000 Date: 1 Jan 2005 17:12:18 -0000 Message-ID: <110_____________.m24@yahoogroups.com> MIME-Version: 1.0 From: Yahoo! Groups Notification Reply-To: mygroup-accept-A8_____________pA@yahoogroups.com To: mygroup-owner@yahoogroups.com Subject: MODERATE -- posted to pdx-poker Content-Type: multipart/mixed; boundary="-----003___________________9107" X-eGroups-Moderators: pdx-poker X-RBL-Warning: bl.spamcop.net returns 127.0.0.2 (SPAMCOP) for 66.94.237.42 Hello, A message has been sent to the mygroup group from The message summary: -------------------- FROM: [...remainder snipped...] From nobody at devnull.spamcop.net Sat Jan 1 13:30:07 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Jan 1 14:35:03 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) References: Message-ID: "Robb Topolski" wrote in message news:cr6td6$fsc$1@news.spamcop.net... > SC Deputies or Power Users: > > The following message was identified by the bl.spamcop.net ... I'm > wondering if it was tagged by mere volume (which should be inappropriate), > or if someone was indeed abusing this IP. > > I thought there used to be a way of looking at some rudimentary evidence > file, but either it's gone or hard to find. > > Thanks for any pointers. Not a Deputy, only the owner of a free-reporting account ... However, noting the simultaneous posting of a Yahoo Groups blocking action here and in the web-based Forum .. Same answer provided here as over there ... please check the web-based version of the FAQ, look for an entry with the title of "Yahoo Groups Mail Blocked?" http://forum.spamcop.net/forums/ From autoreply at funchords.com Sat Jan 1 11:48:44 2005 From: autoreply at funchords.com (Robb Topolski) Date: Sat Jan 1 14:50:03 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) References: Message-ID: "WazoO" wrote in message news:cr6to0$g1k$1@news.spamcop.net... > Not a Deputy, only the owner of a free-reporting account ... > However, noting the simultaneous posting of a Yahoo > Groups blocking action here and in the web-based Forum .. > Same answer provided here as over there ... please check > the web-based version of the FAQ, look for an entry with > the title of "Yahoo Groups Mail Blocked?" > http://forum.spamcop.net/forums/ Thanks! I didn't even know about that forum! I read that FAQ entry and it's as clear as mud. I still would like someone to take a peek and see if this is really abuse. From MikeE at ster.invalid Sat Jan 1 11:50:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jan 1 14:50:04 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) References: Message-ID: WazoO wrote: > Not a Deputy, only the owner of a free-reporting account ... > However, noting the simultaneous posting of a Yahoo > Groups blocking action here and in the web-based Forum .. > Same answer provided here as over there ... please check > the web-based version of the FAQ, look for an entry with > the title of "Yahoo Groups Mail Blocked?" > http://forum.spamcop.net/forums/ The only place 'Yahoo Groups Mail Blocked' appears is in the thread http://forum.spamcop.net/forums/index.php?showtopic=3348&st=0&p=22176&#entry22176 Yahoo Groups Blacklisted but it doesn't really say much helpful. The SC bl currently has 66.94.237.42 listed, which is also listed in spambag's backscatter2. In addition, the scbl also shows all this: Other hosts in this "neighborhood" with spam reports 66.94.237.16 66.94.237.20 66.94.237.24 66.94.237.28 66.94.237.32 66.94.237.35 66.94.237.36 66.94.237.37 66.94.237.38 66.94.237.39 66.94.237.40 66.94.237.41 66.94.237.43 66.94.237.44 66.94.237.45 66.94.237.46 66.94.237.47 66.94.237.48 66.94.237.49 66.94.237.50 66.94.237.51 All of those but one are currently listed, altho' some have short times left, so some others may age off soon. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sat Jan 1 15:22:02 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Jan 1 16:25:04 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) References: Message-ID: "Mike Easter" wrote in message news:cr6uri$go2$1@news.spamcop.net... > WazoO wrote: > > Not a Deputy, only the owner of a free-reporting account ... > > However, noting the simultaneous posting of a Yahoo > > Groups blocking action here and in the web-based Forum .. > > Same answer provided here as over there ... please check > > the web-based version of the FAQ, look for an entry with > > the title of "Yahoo Groups Mail Blocked?" > > http://forum.spamcop.net/forums/ > > The only place 'Yahoo Groups Mail Blocked' appears is in the thread > http://forum.spamcop.net/forums/index.php?showtopic=3348&st=0&p=22176&#entry22176 > Yahoo Groups Blacklisted > > but it doesn't really say much helpful. I was pointing to an entry in the FAQ list over there ... which actually leads you into another "discussion" at http://forum.spamcop.net/forums/index.php?showtopic=2472&st=0&p=15986&#entry15986 somehow you snagged the entry to a disussion started today ..?? (noting that some Forum sections were recently created, a bunch of postings moved ..??) ) > The SC bl currently has 66.94.237.42 listed, which is also listed in > spambag's backscatter2. > > In addition, the scbl also shows all this: > > Other hosts in this "neighborhood" with spam reports > 66.94.237.16 66.94.237.20 66.94.237.24 66.94.237.28 > 66.94.237.32 66.94.237.35 66.94.237.36 66.94.237.37 > 66.94.237.38 66.94.237.39 66.94.237.40 66.94.237.41 > 66.94.237.43 66.94.237.44 66.94.237.45 66.94.237.46 > 66.94.237.47 66.94.237.48 66.94.237.49 66.94.237.50 > 66.94.237.51 > > All of those but one are currently listed, altho' some have short times > left, so some others may age off soon. Thanks for the research .. have been busy here with a bit of an ice storm thing, a troll gone wild "over there" ... on and on From nobody at spamcop.net Sun Jan 2 00:02:17 2005 From: nobody at spamcop.net (RW) Date: Sun Jan 2 01:05:06 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) References: Message-ID: "Robb Topolski" wrote in message news:cr6uqv$gnq$1@news.spamcop.net... > > I still would like someone to take a peek and see if this is really abuse. I've been looking at the Yahoo IPs all day and yes, all the listings are legit due to spam, mostly to spamtraps. Yahoo doesn't do its users any favours by allowing lists to be imported and subscriptions to be completed without confirmations. Usually the traffic numbers are high enough to limit the listings, but I think general traffic is probably lower because of the holiday period. Spammers haven't slowed down though, so the spam ratios are higher than normal. Richard From nobody at spamcop.net Sun Jan 2 01:05:53 2005 From: nobody at spamcop.net (Miss Betsy) Date: Sun Jan 2 01:05:08 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) References: Message-ID: > I read that FAQ entry and it's as clear as mud. I don't understand about yahoo groups and why spammers can abuse them so easily, but it happens apparently. There is another thread in the main spamcop group about why some 'popular' mailing list has gotten on the spamcop bl. From what I can tell the reason is that this 'big name' and popular mailing list is totally ignoring industry best practices. And from what I can tell, yahoo does also. Spam is spam - the content doesn't matter; it is the method in which it is delivered - as a confirmed subscription or just because the merchant thinks no one will complain because he has such a great product, everyone will like to get his mailings. yahoo thinks it can get away with sloppy practices because it offers a popular service and thereby opens up the whole internet for every wannabe great service provider aka spam. Miss Betsy From mrichter at cpl.net Sat Jan 1 23:40:05 2005 From: mrichter at cpl.net (Mike Richter) Date: Sun Jan 2 02:40:03 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) In-Reply-To: References: Message-ID: Miss Betsy wrote: > > >>I read that FAQ entry and it's as clear as mud. > > > I don't understand about yahoo groups and why spammers can abuse > them so easily, but it happens apparently. It's easy enough. Yahoo! allows open groups, meaning that a spammer can sign up and send one or more posts to all subscribers before being stopped by the listowner or a moderator. In addition, a spammer can open a group and subscribe members without their confirmation - though Yahoo! has made that undesirable (by spammer standards) by limiting the number who can be added at once. I 'own' some Yahoo! groups. All are closed (subscription by invitation only) and none permits subscription without confirmation. Mike -- mrichter@cpl.net http://www.mrichter.com/ From MikeE at ster.invalid Sun Jan 2 07:37:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jan 2 10:40:05 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) References: Message-ID: Mike Richter wrote: > It's easy enough. Yahoo! allows open groups, > I 'own' some Yahoo! groups. All are closed (subscription by invitation > only) and none permits subscription without confirmation. Yahoo should segregate its regular mail and closed groups mail servers from its open groups mailservers so that the listed yahoo servers won't affect its regular mail and closed groups mail out -- that is, if they believe that having an open group system is worth keeping if burdened by frequent listings of the mailservers. -- Mike Easter kibitzer, not SC admin From David1 at suescornerweb.com Sun Jan 2 11:14:35 2005 From: David1 at suescornerweb.com (David 1) Date: Sun Jan 2 11:15:02 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) In-Reply-To: References: Message-ID: Mike Easter wrote: > Mike Richter wrote: > >>It's easy enough. Yahoo! allows open groups, > > >>I 'own' some Yahoo! groups. All are closed (subscription by invitation >>only) and none permits subscription without confirmation. > > > Yahoo should segregate its regular mail and closed groups mail servers > from its open groups mailservers so that the listed yahoo servers won't > affect its regular mail and closed groups mail out -- that is, if they > believe that having an open group system is worth keeping if burdened by > frequent listings of the mailservers. > Well there is one function that I made the mistake of using untill an upset person told me about it in no other term you do have the option to "direct add" a person but there is a big notece that missuse will lead to loss of your account/group. Also as a user in you user settings you can set yourself wether you're allowed to be direct added if you check no then suppo9edly an owner/moderator can't direct add you. -- David 1 bad addy spamtrap@suescornerweb.com From nobody at spamcop.net Sun Jan 2 12:34:11 2005 From: nobody at spamcop.net (Miss Betsy) Date: Sun Jan 2 12:35:02 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) References: Message-ID: "Mike Easter" wrote in message news:cr94e2$rh6$1@news.spamcop.net... > Mike Richter wrote: > > It's easy enough. Yahoo! allows open groups, > > > I 'own' some Yahoo! groups. All are closed (subscription by invitation > > only) and none permits subscription without confirmation. > > Yahoo should segregate its regular mail and closed groups mail servers > from its open groups mailservers so that the listed yahoo servers won't > affect its regular mail and closed groups mail out -- that is, if they > believe that having an open group system is worth keeping if burdened by > frequent listings of the mailservers. Seems simple enough to me. Miss Betsy From wb8tyw at qsl.network Sun Jan 2 16:16:06 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun Jan 2 16:20:03 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) In-Reply-To: References: Message-ID: David 1 wrote: > > Well there is one function that I made the mistake of using untill an > upset person told me about it in no other term you do have the > option to "direct add" a person but there is a big notece that missuse > will lead to loss of your account/group. And since it appears that the spammers have come up with a program that allows them to create an unlimited number of throw away groups and e-mail accounts, why should the spammer care? The spammers that are using Yahoo Groups are assuming that their account or group will be shutdown after the spam run. From analyzing the output of when a Yahoo Group that I was a member of was getting spammed because joining did not require a human approval, it was very obvious that the spammer was using a program to create throw-away Yahoo accounts. A google search of news.admin.net-abuse.email shows 15 samples from the I.P. address in the title. Many of them come from a regular poster in these newsgroups, and IIRC, that poster has stated that they are not a member of any Yahoo Group. These basically confirm what the deputy has stated, Yahoo is allowing spammers to use these servers. One spammer seems to have been able to operate for several months. -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Sun Jan 2 20:58:18 2005 From: nobody at spamcop.net (RW) Date: Sun Jan 2 22:00:04 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) References: Message-ID: "David 1" wrote in message news:cr96l6$svt$1@news.spamcop.net... > will lead to loss of your account/group. Also as a user in you user > settings you can set yourself wether you're allowed to be direct added if > you check no then suppo9edly an owner/moderator can't direct add you. but that only applies to yahoo addresses Richard From David1 at suescornerweb.com Mon Jan 3 00:24:46 2005 From: David1 at suescornerweb.com (David 1) Date: Mon Jan 3 00:25:07 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) In-Reply-To: References: Message-ID: RW wrote: > "David 1" wrote in message > news:cr96l6$svt$1@news.spamcop.net... > > >>will lead to loss of your account/group. Also as a user in you user >>settings you can set yourself wether you're allowed to be direct added if >>you check no then suppo9edly an owner/moderator can't direct add you. > > > but that only applies to yahoo addresses > > Richard > > I'm not positive but I belive it's any addy in their profile -- David 1 bad addy spamtrap@suescornerweb.com From nobody at spamcop.net Sun Jan 2 23:41:20 2005 From: nobody at spamcop.net (RW) Date: Mon Jan 3 00:45:03 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) References: Message-ID: "David 1" wrote in message news:craktm$pbs$3@news.spamcop.net... > RW wrote: >> "David 1" wrote in message >> news:cr96l6$svt$1@news.spamcop.net... >> >>>will lead to loss of your account/group. Also as a user in you user >>>settings you can set yourself wether you're allowed to be direct added if >>>you check no then suppo9edly an owner/moderator can't direct add you. >> >> but that only applies to yahoo addresses > > I'm not positive but I belive it's any addy in their profile But again, only if you are a member/user of Yahoo. I can't prevent my address from being added to a Yahoo group. And yes, I have had my address forge subscribed to Yahoo groups. Richard From David1 at suescornerweb.com Mon Jan 3 00:58:33 2005 From: David1 at suescornerweb.com (David 1) Date: Mon Jan 3 01:00:02 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) In-Reply-To: References: Message-ID: RW wrote: > "David 1" wrote in message > news:craktm$pbs$3@news.spamcop.net... > >>RW wrote: >> >>>"David 1" wrote in message >>>news:cr96l6$svt$1@news.spamcop.net... >>> >>> >>>>will lead to loss of your account/group. Also as a user in you user >>>>settings you can set yourself wether you're allowed to be direct added if >>>>you check no then suppo9edly an owner/moderator can't direct add you. >>> >>>but that only applies to yahoo addresses >> >>I'm not positive but I belive it's any addy in their profile > > > But again, only if you are a member/user of Yahoo. I can't prevent my > address from being added to a Yahoo group. And yes, I have had my address > forge subscribed to Yahoo groups. > > Richard > > brain fart sorry, You are correct -- David 1 bad addy spamtrap@suescornerweb.com From buzzard554 at fastmail.co.uk Mon Jan 3 18:25:01 2005 From: buzzard554 at fastmail.co.uk (Martin Edwards) Date: Mon Jan 3 13:25:03 2005 Subject: [SC-Help] One down Message-ID: I just got an account suspended by Easynet. From firewoman at default.domain.not.available Mon Jan 3 14:17:55 2005 From: firewoman at default.domain.not.available (Firewoman) Date: Mon Jan 3 14:20:04 2005 Subject: [SC-Help] Re: False Spamcop Positives on Yahoogroups Messages (66.94.237.42) References: Message-ID: "RW" wrote in message news:cr82p6$7d9$1@news.spamcop.net... > "Robb Topolski" wrote in message > news:cr6uqv$gnq$1@news.spamcop.net... >> >> I still would like someone to take a peek and see if this is really >> abuse. > > I've been looking at the Yahoo IPs all day and yes, all the listings are > legit due to spam, mostly to spamtraps. Yahoo doesn't do its users any > favours by allowing lists to be imported and subscriptions to be completed > without confirmations. Yahoo doesn't do its users any favors when they allow groups to share user addresses to send out "invitations" to even more groups. These invites weren't asked for, and I'm not even a member of any yahoo groups anymore. (Note that I was a member of a total of TWO for about 2 months.) I'd say they're on the list for good reason. From DELETE_westes at earthbroadcast.com Mon Jan 3 13:36:44 2005 From: DELETE_westes at earthbroadcast.com (CHANGE USERNAME TO westes) Date: Mon Jan 3 16:35:03 2005 Subject: [SC-Help] How to Handle Reverse Delegation for Muti-IP mail Host Message-ID: Many sites on the Internet no longer accept mail if the reverse IP does not match the forward IP, using the domain name that sendmail announces when it connects while sending mail. I understand how to handle reverse delegation to make these match for a simple case, but I have a question for a more complex case. We have our mail server connected to two different networks, for redundancy. For receiving incoming mail, this works great, and we can set the MX records to mail1.mysite.com and mail2.mysite.com, each of which resolves to an IP on a different network. Now how do I handle outgoing mail? One solution would be to have the generic host mail.mysite.com resolve to two different IP addresses. But I'm thinkingt that may cause problems. The reverse delegation for the two different IP addresses should show one hostname (i.e., mail.mysite.com), but would there be other issues that make using more than one IP for sending mail problematic? -- Will westes AT earthbroadcast.com From TJLWBECGSGWU at spammotel.com Mon Jan 3 23:34:21 2005 From: TJLWBECGSGWU at spammotel.com (Mathew Hendry) Date: Mon Jan 3 18:35:03 2005 Subject: [SC-Help] Re: Wrong originating host? References: Message-ID: <5hijt0h6fmurv6iibv0nu6u20g56eljaug@4ax.com> [Crossposted and followups set to spamcop.help] On Mon, 03 Jan 2005 22:24:36 +0100, Ernst wrote: >Mat, I am sorry, but what is a tracker and how do I post it? Sorry, the proper name is tracking URL, often called a tracker for short. Each spam submitted gets its own unique URL. Look at the top of the page next time you make a report; from one I sent a little while ago: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z709033350z65a107e42491c0aef2adc56a91ab1d69z If you see anything unusual or interesting when reporting, you can post the tracking URL here for other people to look at. Make sure you send or cancel the report first, though: a tracker that's still "live" could be used by anyone to send reports in your name. -- Mat. From ric.gates at bigsleep.org Tue Jan 4 04:20:19 2005 From: ric.gates at bigsleep.org (Blammo) Date: Mon Jan 3 23:25:03 2005 Subject: [SC-Help] Re: How to Handle Reverse Delegation for Muti-IP mail Host References: Message-ID: On 03 Jan 2005 CHANGE USERNAME TO westes entered spamcop.help and left news:crcdjh$u64$1@news.spamcop.net: > Many sites on the Internet no longer accept mail if the reverse IP > does not match the forward IP, using the domain name that sendmail > announces when it connects while sending mail. I understand how to > handle reverse delegation to make these match for a simple case, but I > have a question for a more complex case. > > We have our mail server connected to two different networks, for > redundancy. For receiving incoming mail, this works great, and we can > set the MX records to mail1.mysite.com and mail2.mysite.com, each of > which resolves to an IP on a different network. Now how do I handle > outgoing mail? One solution would be to have the generic host > mail.mysite.com resolve to two different IP addresses. But I'm > thinkingt that may cause problems. The reverse delegation for the > two different IP addresses should show one hostname (i.e., > mail.mysite.com), but would there be other issues that make using more > than one IP for sending mail problematic? > Two Sendmail daemons. Sendmail will only use the primary domain for the server it's running on, or the domain it's set to - which should match the PTR of the outgoing connection IP anyway. Sounds like you are having problems because you set the domain to something else, or sendmail is not able to get the correct name. http://www.sendmail.org/m4/tweaking_config.html#confDOMAIN_NAME The MX names have nothing to do with it. -- | Ric -- | Ric | From jvm_cop at spamcop.net Wed Jan 5 09:03:08 2005 From: jvm_cop at spamcop.net (J. Merrill) Date: Wed Jan 5 09:05:03 2005 Subject: [SC-Help] Many questionable cases of "Cannot resolve" Message-ID: I have seen a substantial increase in the number of spams where there is no identified web site. In each case, the message "Cannot resolve http://..." is part of the technical details -- as if the site has been taken down, and readers of the spam could not successfully click on the links in the message. In many cases, I have grabbed one or more of the non-resolvable domains and used Windows 2000's command-line "ping" and seen that ping is able to resolve these addresses, even though SpamCop's server apparently cannot. I know about DNS changes propagating at different speeds and so on. Many times, I have used "ipconfig /flushdns" to try to get the freshest possible info. If it weren't happening quite consistently, I wouldn't be asking. What I've done (when I feel inspired to take extra time for a particular spam) is to use SpamCop to get a report of the IP address that "ping" shows me, then modify the spam message by adding something like *** Spam reporter added: http://202.102.230.36 *** because SpamCop could not resolve jkelwi.wise-sol.info and have SpamCop re-parse the message. Is that what I should be doing? How can I know whether or not the address that "ping" shows me is really involved? Is there an easy-to-use more-reliable way to get the "official" DNS status for a domain? (If the ISP has already taken the site down, will this still count against its spam-friendliness rating?) Thanks for any help. From MikeE at ster.invalid Wed Jan 5 06:23:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jan 5 09:25:10 2005 Subject: [SC-Help] Re: Many questionable cases of "Cannot resolve" References: Message-ID: J. Merrill wrote: > What I've done (when I feel inspired to take extra time for a > particular spam) is to use SpamCop to get a report of the IP > address that "ping" shows me, then modify the spam message by > adding something like > > *** Spam reporter added: http://202.102.230.36 > *** because SpamCop could not resolve jkelwi.wise-sol.info > > and have SpamCop re-parse the message. That /seems/ like that should be a very good way to accomplish something which isn't permitted by the faq; but it isn't authorized. Ellen has said that simply 'doing it' ie just changing/modifying the original spam to enable is a no-no. Altho' your strategy 'documents' the change better, I'm sure she isn't going to put her stamp of approval on anything which isn't permitted by the faq. > Is that what I should be doing? How can I know whether or not > the address that "ping" shows me is really involved? Is there an > easy-to-use more-reliable way to get the "official" DNS status > for a domain? (If the ISP has already taken the site down, will > this still count against its spam-friendliness rating?) My understanding is that modifying the spam in order to facilitate a notify is a material change which isn't allowed. Under those rules, a free spamcop reporter would not be able to make such a notify; whereas a paid spamcop reporter could do it another way. The other way would be to add a notify to the spamcop report. That is, you would leave the original spam unchanged, you would determine the IP, you could ask SC to give you the reporting addies for the IP, and then you would add those reporting addies to the SC report. You can't add addies if you are a free reporter. Re how to find the IP. Ping isn't as good as some other tools, but it is good enough. I usually use SamSpade's console for Win, but it depends on what is 'open' or available because I also use NetDemon's console for Win. When I'm 'analyzing' whatall is wrong with a domainname re its nameservice I use a number of different tools available online at dnsstuff http://www.dnsstuff.com/ Some people like SamSpade online http://samspade.org/ -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Jan 5 11:50:07 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jan 5 11:55:03 2005 Subject: [SC-Help] Re: Many questionable cases of "Cannot resolve" References: Message-ID: "J. Merrill" wrote in message news:crgrur$si8$1@news.spamcop.net... > > *** Spam reporter added: http://202.102.230.36 > *** because SpamCop could not resolve jkelwi.wise-sol.info No you cannot do that. You *cannot* change urls in the spam to force them to parse and you *cannot* add urls to the spam to force reports to be generated. This is against the TOS which you agreed to when you opened your account. And yes, we are aware of the DNS resolution situation. Ellen From DELETE_westes at earthbroadcast.com Wed Jan 5 10:28:35 2005 From: DELETE_westes at earthbroadcast.com (Will) Date: Wed Jan 5 13:25:03 2005 Subject: [SC-Help] Re: How to Handle Reverse Delegation for Muti-IP mail Host References: Message-ID: I'm making a different point. Let me provide an example. I'm going to use private IP addresses, but imagine these were public IPs. host1.mysite.com 192.168.1.1 host2.mysite.com 192.168.10.1 host.mysite.com will have *both* forward and reverse set as: 192.168.1.1 192.168.10.1 So sendmail will announce host.mysite.com on all outgoing mail. A reverse IP check of either IP above will match host.mysite.com. The problem is that the *forward* lookup on host.mysite.com will give *two* IP addresses. And what I am asking is will that cause problems for all of these virus checkers out there that are rejecting 1/2 the valid e-mail they receive from business correspondents based on some minute imperfection in the DNS record setup. If most software will only use the host announcement by sendmail and a reverse IP lookup, then it is okay. If software does a forward lookup and is not written to deal with more than one IP, then it could cause problems. -- Will westes AT earthbroadcast.com "Blammo" wrote in message news:Xns95D3CEF04E012blammo@216.154.195.61... > Two Sendmail daemons. > Sendmail will only use the primary domain for the server it's running on, > or the domain it's set to - which should match the PTR of the outgoing > connection IP anyway. Sounds like you are having problems because you set > the domain to something else, or sendmail is not able to get the correct > name. > http://www.sendmail.org/m4/tweaking_config.html#confDOMAIN_NAME > The MX names have nothing to do with it. > > -- > | Ric From jvm_cop at spamcop.net Wed Jan 5 17:39:23 2005 From: jvm_cop at spamcop.net (J. Merrill) Date: Wed Jan 5 17:40:03 2005 Subject: [SC-Help] Re: Many questionable cases of "Cannot resolve" References: Message-ID: "Ellen" wrote in message news:crh602$3pf$1@news.spamcop.net... > > > "J. Merrill" wrote in message > news:crgrur$si8$1@news.spamcop.net... > > > > *** Spam reporter added: http://202.102.230.36 > > *** because SpamCop could not resolve jkelwi.wise-sol.info > > No you cannot do that. You *cannot* change urls in the spam to force them to > parse and you *cannot* add urls to the spam to force reports to be > generated. This is against the TOS which you agreed to when you opened your > account. > > And yes, we are aware of the DNS resolution situation. > > Ellen Thanks for the info. I will stop doing that, and hope that "the DNS resolution situation" gets better. From TMHRVMFWREVN at spammotel.com Wed Jan 5 23:25:14 2005 From: TMHRVMFWREVN at spammotel.com (Rob) Date: Wed Jan 5 18:45:03 2005 Subject: [SC-Help] Re: Many questionable cases of "Cannot resolve" References: Message-ID: "J. Merrill" wrote in message news:crgrur$si8$1@news.spamcop.net... > I have seen a substantial increase in the number of spams where > there is no identified web site. In each case, the message > "Cannot resolve http://..." is part of the technical details -- > as if the site has been taken down, and readers of the spam could > not successfully click on the links in the message. > > I've been getting quite a few of those so I just tried a suggestion I remember reading either here or in spamcop or spamcop.geeks. I refreshed the page and all URLs SpamCop couldn't resolve suddenly were resolved. Just hit refresh, it's almost instant. Rob From ric.gates at bigsleep.org Thu Jan 6 03:27:25 2005 From: ric.gates at bigsleep.org (Blammo) Date: Wed Jan 5 22:30:17 2005 Subject: [SC-Help] Re: How to Handle Reverse Delegation for Muti-IP mail Host References: Message-ID: On 05 Jan 2005 Will entered spamcop.help and left news:crhbal$849$1@news.spamcop.net: > The problem is that the *forward* lookup on host.mysite.com will give > *two* IP addresses. And what I am asking is will that cause problems > for all of these virus checkers out there that are rejecting 1/2 the > valid e-mail they receive from business correspondents based on some > minute imperfection in the DNS record setup. If most software will > only use the host announcement by sendmail and a reverse IP lookup, > then it is okay. If software does a forward lookup and is not > written to deal with more than one IP, then it could cause problems. > That's interesting, but I don't think it should be a problem, not that I know a whole lot about DNS forward records. For example when Sendmail checks a connection it looks up the hostname for the connecting IP, then looks up the IP for that hostname. If they don't match it returns FORGED so that you may reject this type of mail... ${client_resolve} Holds the result of the resolve call for ${client_name}. Possible values are: OK resolved successfully FAIL permanent lookup failure FORGED forward lookup doesn't match reverse lookup TEMP temporary lookup failure So you can block those with no PTR, or those that don't match, Now I don't block this type of mail because some company servers don't have their own PTR, or more often they don't match. Their MX name may be mail.company.com but their PTR would be something like dsl-123.isp.com, and because they have dynamic addressing (actually I'm not sure why) the IPs (forward lookup) won't match. This forward lookup part is what I've been a little unclear on, usually when I check I get no IP at all. I'm going to look at that again and see if I can refresh my memory. Another thing some servers do is to check the HELO name against the PTR, this also causes problems when the PTR record is their DSL name. A real effective way to block spam, but also blocks a lot of valid mail. Normally this isn't a problem because Sendmail gets your fully qualified domain name by getting your host name using gethostname and then calling gethostbyname on the result. So you shouldn't have to define confDOMAIN_NAME. (BTW, I've noticed lately that many spams have the correct name there, so maybe they finally figured that out). Will having two IPs cause the FORGED result mentioned above, which I think is what you are talking about? This shouldn't be a problem because according to the FAQ "If the client IP address does not appear in that list, then the may be forged tag is added", So it seems a list of IPs is returned and all are checked. If you end up having a problem you can correct that using DNS and Bind, I keep thinking I need to get that book - http://www.oreilly.com/catalog/dns4/ -- | Ric | From MikeE at ster.invalid Thu Jan 6 09:30:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jan 6 12:30:03 2005 Subject: [SC-Help] Re: out dated spam References: Message-ID: posted to .help & .spam; f/ups to .help Hal Blum wrote: > I have been getting a lot ofspam lately that when I submit them > (usually with in hours of receiving them) I get the message that it > is too old, usually it wiull state received date as anything from 4 > to 10 days old. Is it possible that the date in the headers could be > forged? exaple www.spamcop.net/sc?id=z709956173z58ef79b6d70e37237b8b5755d45ab7dfz > I received this last night but the syatem states that it is 7.5 days > old... any ideas on this? Route: adelphia => speakeasy => blumfamily Delay: speakeasy, 1 week. Somehow that item didn't get from speakeasy to your server in a timely fashion. Incidentally: housekeeping1: .spam is for posting only raw spam, no raw spam is allowed in .help or spamcop. .help and spamcop are for discussing spam issues and posting the trackers like you did. If you are going to post a tracker and a question, post into .help or spamcop not .spam. No one goes to .spam because there is only [supposed to be] raw spam in there. housekeeping2: newsgroup postings should be in plaintext, not html. I don't know where that is configured in your Groupwise newsreader. -- Mike Easter kibitzer, not SC admin From forrie at Noforriesp.amcom Fri Jan 7 02:42:09 2005 From: forrie at Noforriesp.amcom (Forrest Aldrich) Date: Fri Jan 7 02:45:18 2005 Subject: [SC-Help] New mailhosts configuration (question) Message-ID: Hi there, I've gone through the initial setup process for the new mailhost configuration on SpamCop. I have a domain which I MX to my home system (cable modem). For the most part, the IP address stays the same (although it is officially dynamic), as my system is on 24x7. I listed the provider as the default that the form provided which is "mail.mydomain.com" - which in fact my "provider" is the ISP. I just want to ensure I've not messed this up in any way. Thanks. From nobody at devnull.spamcop.net Fri Jan 7 02:23:59 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jan 7 03:25:05 2005 Subject: [SC-Help] Re: New mailhosts configuration (question) References: Message-ID: "Forrest Aldrich" wrote in message news:crlecp$s03$1@news.spamcop.net... > > I've gone through the initial setup process for the new mailhost > configuration on SpamCop. Responses already existing in the 'primary' support spot for MailHost to your posting "over there" in the web-based Forum thing. From e.streit at bluewin.ch Fri Jan 7 11:40:24 2005 From: e.streit at bluewin.ch (Ernst) Date: Fri Jan 7 05:45:03 2005 Subject: [SC-Help] Re: Wrong originating host? In-Reply-To: <5hijt0h6fmurv6iibv0nu6u20g56eljaug@4ax.com> References: <5hijt0h6fmurv6iibv0nu6u20g56eljaug@4ax.com> Message-ID: Mat, here is now the URL of an e-mail, where my ISP was identified as the originating host. http://www.spamcop.net/sc?id=z710204438zbd5b728184d6cb16f633d294acd99218z Note the following: When I submitted the header again to SpamCop, it seems that it analyzed it then correctly, but I did not submit it again. Another question: Under SpamCop I can look at my recent reports, but they don't seem to have their URL displayed. Thanks and regards, Ernst Mathew Hendry schrieb: > [Crossposted and followups set to spamcop.help] > > On Mon, 03 Jan 2005 22:24:36 +0100, Ernst wrote: > > >>Mat, I am sorry, but what is a tracker and how do I post it? > > > Sorry, the proper name is tracking URL, often called a tracker for short. > Each spam submitted gets its own unique URL. Look at the top of the page > next time you make a report; from one I sent a little while ago: > > Here is your TRACKING URL - it may be saved for future reference: > http://www.spamcop.net/sc?id=z709033350z65a107e42491c0aef2adc56a91ab1d69z > > If you see anything unusual or interesting when reporting, you can post the > tracking URL here for other people to look at. Make sure you send or cancel > the report first, though: a tracker that's still "live" could be used by > anyone to send reports in your name. > > -- Mat. > From nobody at spamcop.net Fri Jan 7 08:00:59 2005 From: nobody at spamcop.net (Ellen) Date: Fri Jan 7 08:05:05 2005 Subject: [SC-Help] Re: New mailhosts configuration (question) References: Message-ID: "Forrest Aldrich" wrote in message news:crlecp$s03$1@news.spamcop.net... > Hi there, > > I've gone through the initial setup process for the new mailhost > configuration on SpamCop. > > I have a domain which I MX to my home system (cable modem). For the > most part, the IP address stays the same (although it is officially > dynamic), as my system is on 24x7. > > I listed the provider as the default that the form provided which is > "mail.mydomain.com" - which in fact my "provider" is the ISP. > > I just want to ensure I've not messed this up in any way. > Parse one or more spams -- or any emails sent thru the mailpath that you are concerned about -- and copy the tracking url from the top of the parse and send it to me deputies spamcop.net along with an explanation of your concerns. Cancel the reports. I'll look at the parse and see if there is a problem. Ellen SpamCop From MikeE at ster.invalid Fri Jan 7 05:04:56 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jan 7 08:05:08 2005 Subject: [SC-Help] Re: Wrong originating host? References: <5hijt0h6fmurv6iibv0nu6u20g56eljaug@4ax.com> Message-ID: Ernst wrote: > Mat, here is now the URL of an e-mail, where my ISP was identified as > the originating host. www.spamcop.net/sc?id=z710204438zbd5b728184d6cb16f633d294acd99218z Abbreviated Received lines *comment from mx21.bluewin.ch (195.186.18.37) by mssazhh-int.msg.bluewin.ch *serves you from host247-254.pool80117.interbusiness.it (80.117.254.247) by mx21.bluewin.ch *sourceline from suspense (146.212.103.251) by 48.237.132.166 *bogusline SC has to be able to chain from top toward the bottom by associating the upper 'from' field with the lower 'by' field. The MXes for bluewin are 195.186.3.80 & 195.186.6.80 which are not 'close enough' to 195.186.18.37 to pass what I call the 'MX step' until SC is familiar with the relay by 'aging' or maturity after the relay has been sent to relay testers. If unfamiliar, the chaining fails prematurely in trying to go from the top line to the 2nd line and SC would name mx21 at bluewin as source. After maturing, mx21 becomes a 'trusted' server, that is, trusted to be a server and SC can chain to the interbusiness source. > Note the following: When I submitted the header again to SpamCop, it > seems that it analyzed it then correctly, but I did not submit it > again. > Another question: Under SpamCop I can look at my recent reports, but > they don't seem to have their URL displayed. Correct. Us citizens cannot simply take a report id and convert it to a tracking URL. We have to grab that during the parse. Only a deputy who has access to evidence can dig up the evidence with only a report id. -- Mike Easter kibitzer, not SC admin From gospamming at yourdomain.invalid Fri Jan 7 13:14:37 2005 From: gospamming at yourdomain.invalid (D.Diaz) Date: Fri Jan 7 08:15:03 2005 Subject: [SC-Help] Re: Wrong originating host? References: <5hijt0h6fmurv6iibv0nu6u20g56eljaug@4ax.com> Message-ID: "Mike Easter" wrote in news:crm1b4$890$1@news.spamcop.net: > Correct. Us citizens cannot simply take a report id and convert it to > a tracking URL. We have to grab that during the parse. Only a deputy > who has access to evidence can dig up the evidence with only a report > id. > AFAICT, if the report id is from one of your own reports, you can. You click on "Past Reports", then enter the report ID or browse through "recent reports" and click on any of them. You will see the report and, on top of it, a link which says "Parse". You click on it and you get the usual parse page. -- Daniel Diaz SpamCop User From MikeE at ster.invalid Fri Jan 7 05:58:00 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jan 7 09:00:03 2005 Subject: [SC-Help] Re: Wrong originating host? References: <5hijt0h6fmurv6iibv0nu6u20g56eljaug@4ax.com> Message-ID: D.Diaz wrote: > "Mike Easter" >> Correct. Us citizens cannot simply take a report id and convert it >> to a tracking URL. We have to grab that during the parse. Only a >> deputy who has access to evidence can dig up the evidence with only >> a report id. Errk. If I'm going to cite myself, change that to 'we citizens' > AFAICT, if the report id is from one of your own reports, you can. You > click on "Past Reports", then enter the report ID or browse through > "recent reports" and click on any of them. You will see the report > and, on top of it, a link which says "Parse". You click on it and > you get the usual parse page. Just before posting that, I made an effort to dredge up a parse, but I couldn't. I'm going past reports > recent reports > a report id -- but I see no 'parse' link, just who got the reports. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jan 7 06:01:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jan 7 09:00:06 2005 Subject: [SC-Help] Re: Wrong originating host? References: <5hijt0h6fmurv6iibv0nu6u20g56eljaug@4ax.com> Message-ID: D.Diaz wrote: > AFAICT, if the report id is from one of your own reports, you can. You > click on "Past Reports", then enter the report ID or browse through > "recent reports" and click on any of them. You will see the report > and, on top of it, a link which says "Parse". You click on it and > you get the usual parse page. I think that's a paying customer perq. http://www.spamcop.net/fom-serve/cache/288.html Upgrade to a premium member account Access to the database to check reports you have sent in the past 30 days; -- Mike Easter kibitzer, not SC admin From hblum at manhard.com Fri Jan 7 10:00:59 2005 From: hblum at manhard.com (Hal Blum) Date: Fri Jan 7 11:05:02 2005 Subject: [SC-Help] Re: out dated spam References: Message-ID: Thanks From gospamming at yourdomain.invalid Fri Jan 7 16:09:46 2005 From: gospamming at yourdomain.invalid (D.Diaz) Date: Fri Jan 7 11:10:03 2005 Subject: [SC-Help] Re: Wrong originating host? References: <5hijt0h6fmurv6iibv0nu6u20g56eljaug@4ax.com> Message-ID: "Mike Easter" wrote in news:crm4ek$aoe$1@news.spamcop.net: > Just before posting that, I made an effort to dredge up a parse, but I > couldn't. > > I'm going past reports > recent reports > a report id -- but I see no > 'parse' link, just who got the reports. > Click on a report number to see the actual report which was sent to that address. At the top will be the "Parse" link. "Mike Easter" wrote in news:crm4k8$apt$1@news.spamcop.net: > I think that's a paying customer perq. > Nope. I'm a free reporting user. -- Daniel Diaz SpamCop User From MikeE at ster.invalid Fri Jan 7 08:22:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jan 7 11:25:02 2005 Subject: [SC-Help] Re: Wrong originating host? References: <5hijt0h6fmurv6iibv0nu6u20g56eljaug@4ax.com> Message-ID: D.Diaz wrote: > "Mike Easter" >> Just before posting that, I made an effort to dredge up a parse, but >> I couldn't. >> >> I'm going past reports > recent reports > a report id -- but I see no >> 'parse' link, just who got the reports. >> > > Click on a report number to see the actual report which was sent to > that address. At the top will be the "Parse" link. Not happening here. I click report id # as above. The word parse does not appear. Oops. Retract that. If I click the report id for the spamvertiser, no 'parse', no spam. If I click the report id for the source, I get a spam and a parse option. -- Mike Easter kibitzer, not SC admin From gospamming at yourdomain.invalid Fri Jan 7 16:48:00 2005 From: gospamming at yourdomain.invalid (D.Diaz) Date: Fri Jan 7 11:50:03 2005 Subject: [SC-Help] Re: Wrong originating host? References: <5hijt0h6fmurv6iibv0nu6u20g56eljaug@4ax.com> Message-ID: "Mike Easter" wrote in news:crmcu8$gcj$1@news.spamcop.net: > Oops. Retract that. If I click the report id for the spamvertiser, > no 'parse', no spam. If I click the report id for the source, I get a > spam and a parse option. > Gee, that's true. I didn't notice that the spamvertiser report page is completely different... Until you mentioned it, I only happened to click on spam source report IDs. -- Daniel Diaz SpamCop User From MikeE at ster.invalid Sat Jan 8 15:59:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jan 8 19:00:03 2005 Subject: [SC-Help] Re: What is this? References: <41E06DAD.6030007@hotmail.com> Message-ID: Steve Milano wrote: > Sorry if I'm in the wrong forum. .mail is for newsgroup discussing problems with the spamcop mail service. I'll crosspost this to .help and set f/ups there. > I keep getting this e-mail over and over. > > There's no return or from address. Return/from addresses on spams and virms are almost always bogus anyway. Disregard them; that is information useful only for normal mail. > SpamCop says there's no body provided, so I can't report it. > > Any ideas? That item is apparently an empty spam sourced from 68.117.145.90 rDNS ip-wv-68-117-145-090.charterwv.net notify abuse@charter.net which is multilisted in spamcop and other spamsource db/s and also in trojan/proxy db/s. > Received: from ip-wv-68-117-145-090.charterwv.net ([68.117.145.90]) SC is configured to not 'allow' reporting of empty spams because many times when people submit such an item it is felt to be an error in submission method. There is some controversy over whether or not it is permissible to add some words to the empty body after a blank line below the headers such as 'no body text' to enable the report on empty spam. The faq doesn't permit that action; no deputy has approved something different from the faq's permission; but it is common practice for some people to advise making such an entry in the body, while others don't do that since it isn't expressly permitted. That item is also missing a number of other header elements, such as To, Subject, MessageID. Previously such a deficient item would fail to be parsed for insufficient header elements; apparently that part of the algorithm has changed. It will now process a spam if there is only just a Received line and offer to send a report as long as there is something in the body. -- Mike Easter kibitzer, not SC admin From jeff.simon.2 at sbcglobal.net Sun Jan 9 13:35:15 2005 From: jeff.simon.2 at sbcglobal.net (Jeff) Date: Sun Jan 9 13:40:02 2005 Subject: [SC-Help] Internal Spamcop Reporting? Message-ID: I keep seeing Internal Spamcop Reporting for this one ISP. It says Internal Spamcop Reporting for Level3. Why does it say that? Does Spamcop handle the Spammer or does it get done by the ISP? Spamcop is too confusing at times!! From nobody at spamcop.net Sun Jan 9 15:11:23 2005 From: nobody at spamcop.net (Miss Betsy) Date: Sun Jan 9 15:10:02 2005 Subject: [SC-Help] Re: Internal Spamcop Reporting? References: Message-ID: "Jeff" wrote in message news:crrth3$re6$1@news.spamcop.net... > I keep seeing Internal Spamcop Reporting for this one ISP. It says Internal > Spamcop Reporting for Level3. Why does it say that? Does Spamcop handle > the Spammer or does it get done by the ISP? Spamcop is too confusing at > times!! Some of the larger ISP's have arranged with spamcop to report to a special abuse address rather than the publically announced one. I don't know if that means that spamcop reports get a higher priority for action or just reduces the size of the inbox for the normal abuse desk. However, it doesn't mean anything more than the address spamcop reports go to is not the same address as the normal one. Miss Betsy From agent01413 at my-deja.com Sun Jan 9 20:50:39 2005 From: agent01413 at my-deja.com (Socks) Date: Sun Jan 9 15:55:03 2005 Subject: [SC-Help] Re: Internal Spamcop Reporting? References: Message-ID: "Miss Betsy" wrote in news:crs2vl$v36$1 @news.spamcop.net: > > "Jeff" wrote in message > news:crrth3$re6$1@news.spamcop.net... >> I keep seeing Internal Spamcop Reporting for this one ISP. It > says Internal >> Spamcop Reporting for Level3. Why does it say that? Does > Spamcop handle >> the Spammer or does it get done by the ISP? Spamcop is too > confusing at >> times!! > > Some of the larger ISP's have arranged with spamcop to report to a > special abuse address rather than the publically announced one. I > don't know if that means that spamcop reports get a higher priority > for action or just reduces the size of the inbox for the normal > abuse desk. However, it doesn't mean anything more than the > address spamcop reports go to is not the same address as the normal > one. > It means that Level3 /dev/nulls a smaller number of reports. While Miss Betsy's analysis is correct, Level3 has a track record of ignoring reports. This special reporting isnt going to result in a spammer being acted on. From nobody at spamcop.net Mon Jan 10 15:10:42 2005 From: nobody at spamcop.net (Miss Betsy) Date: Mon Jan 10 15:15:03 2005 Subject: [SC-Help] Re: Internal Spamcop Reporting? References: Message-ID: "Socks" wrote in message news:Xns95D98CA9C4C60agent01413MYDEJACOM@216.154.195.61... > "Miss Betsy" wrote in news:crs2vl$v36$1 > @news.spamcop.net: > > > > > "Jeff" wrote in message > > news:crrth3$re6$1@news.spamcop.net... > >> I keep seeing Internal Spamcop Reporting for this one ISP. It > > says Internal > >> Spamcop Reporting for Level3. Why does it say that? Does > > Spamcop handle > >> the Spammer or does it get done by the ISP? Spamcop is too > > confusing at > >> times!! > > > > Some of the larger ISP's have arranged with spamcop to report to a > > special abuse address rather than the publically announced one. I > > don't know if that means that spamcop reports get a higher priority > > for action or just reduces the size of the inbox for the normal > > abuse desk. However, it doesn't mean anything more than the > > address spamcop reports go to is not the same address as the normal > > one. > > > > It means that Level3 /dev/nulls a smaller number of reports. While Miss > Betsy's analysis is correct, Level3 has a track record of ignoring reports. > This special reporting isnt going to result in a spammer being acted on. OTOH, for other ISPs it may mean quicker action because they put spamcop reports on a higher priority. One has to know the reputation of the ISP to know. though in general, the ones who have special addresses are the ones that get a lot of reports which means that they aren't as good about spam control as others. Miss Betsy From mcwebber at my-deja.com Tue Jan 11 11:10:03 2005 From: mcwebber at my-deja.com (McWebber) Date: Tue Jan 11 11:10:04 2005 Subject: [SC-Help] roving.com spammers stay out of spamcop Message-ID: What is the deal with Spamcop and roving.com? It seems they are listed everywhere except Spamcop. I find it hard to believe since my spamtraps, and apparently lots of other spamtraps, are being hit by them that no Spamcop spamtraps are hit. Is it because they cut some kind of deal with Ironport that keeps them out of Spamcop? I got spammed by them recently because they allow customers to use very dirty lists. http://www.senderbase.org/search?searchBy=ipaddress&searchString=63.251.135.96 http://us.openrbl.org/ip/63/251/135/96.htm Even 63.251.135.74 which isn't in the "Bonded Sender" program is listed everywhere else but somehow manages to stay out of Spamcop. http://us.openrbl.org/ip/63/251/135/74.htm -- McWebber No email replies read If someone tells you to forward an email to all your friends please forget that I'm your friend. From Merlyn at Spamcop.net Tue Jan 11 11:17:22 2005 From: Merlyn at Spamcop.net (Merlyn) Date: Tue Jan 11 11:20:02 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop References: Message-ID: "McWebber" wrote in message news:cs0tlo$14g$1@news.spamcop.net... > What is the deal with Spamcop and roving.com? It seems they are listed > everywhere except Spamcop. I find it hard to believe since my spamtraps, > and > apparently lots of other spamtraps, are being hit by them that no Spamcop > spamtraps are hit. Is it because they cut some kind of deal with Ironport > that keeps them out of Spamcop? I got spammed by them recently because > they > allow customers to use very dirty lists. > > http://www.senderbase.org/search?searchBy=ipaddress&searchString=63.251.135.96 > > http://us.openrbl.org/ip/63/251/135/96.htm > > Even 63.251.135.74 which isn't in the "Bonded Sender" program is listed > everywhere else but somehow manages to stay out of Spamcop. > http://us.openrbl.org/ip/63/251/135/74.htm > Spamhause recently re-added them: A snippet from Spamhaus "Spamming to spamtraps for Berklee Music. Not only did the spammed spamtrap never opt in, it was actually *opted out* from their lists well over a year ago...several times...but continually spammed over and over. Dirty lists - opt-outs keep getting re-added over and over and over again... It's time to permanently opt-out Roving software as a whole to solve this problem with continual spamming." Their record looks terrible, more here: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL5133 They are also listed in: WSFF, open relays and more: will-spam-for-food.eu.org -> 127.0.0.1 roving.com INTERSIL lists...spammers...who have pestered users at Intersil: blackholes.intersil.net -> roving.com.spam.blackholes.intersil.net. -> 127.0.0.2 roving.com.spam.blackholes.intersil.net. 2003Jan02; 63.251.135.96/27 pnap.net Roving Software Inc./Constant Contact idiots actually spammed blockme@relays.osirusoft.com 2002Jan13; 208.198.98/27 uunet 2002Jan13; 63.251.135.64/27 pnap 2002Oct30; 204.167.97.64/29 genuity SPAMBAG Spambags: blacklist.spambag.org -> pnap.blacklist.spambag.org. -> 127.0.0.2 pnap.blacklist.spambag.org. Blocked - see http://www.spambag.org/cgi-bin/spambag?mailfrom=pnap JAMDSBL local bl at JAMMConsulting.com: dnsbl.jammconsulting.com -> 127.0.0.2 AHBL The Abusive Hosts Blocking List: dnsbl.ahbl.org -> 127.0.0.4 1067181843 (Sun Oct 26 16:24:03 2003) bruns - Spam Source - 63.251.135.0/24 - roving.com ISIPPIADB ISIPP Accreditation Database: iadb.isipp.com -> 127.0.2.1 -> 127.2.255.102 -> 127.3.100.7 -> 127.0.0.1 -> 127.0.0.2 ISIPPIADB2 ISIPP Accreditation Database different return type: iadb2.isipp.com -> 127.0.0.50 KROPKAALL Quite aggressive database, maintained by a few private persons: all.rbl.kropka.net -> 127.0.0.1 KROPKAIP kropka ip: ip.rbl.kropka.net -> 127.0.0.1 SORBS Spam and Open Relay Blocking System: Aggregate zone: dnsbl.sorbs.net -> 127.0.0.6 Spam Received See: http://www.dnsbl.sorbs.net/lookup.shtml?63.251.135.96 SORBSSPAM List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. : spam.dnsbl.sorbs.net -> 127.0.0.6 Spam Received See: http://www.dnsbl.sorbs.net/lookup.shtml?63.251.135.96 SORBSSPEWS-L1 Spam Prevention Early Warning System - Level 1 Mirror: l1.spews.dnsbl.sorbs.net -> 127.0.0.2 ! [1] roving/constantcontact, see http://spews.org/ask.cgi?S1641 SORBSSPEWS-L2 Spam Prevention Early Warning System - Level 2 Mirror: l2.spews.dnsbl.sorbs.net -> 127.0.0.2 ! [1] roving/constantcontact, see http://spews.org/ask.cgi?S1641 DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2 63.251.135.96 See http://dnsbl.ahbl.org/ and http://dnsbl.net.au/lookup/?ip=63.251.135.96 see http://dnsbl.net.au/rmst/ and http://dnsbl.net.au/lookup/?63.251.135.96 DNSBLAURMST dnsbl.net.au Multiple Spam Traps: rmst.dnsbl.net.au -> 127.0.0.2 see http://dnsbl.net.au/rmst/ and http://dnsbl.net.au/lookup/?63.251.135.96 DNSBLAUSPEWS Spam Prevention Early Warning System: spews.dnsbl.net.au -> 127.0.0.2 63.251.135.96 See http://spews.org/ and http://www.dnsbl.net.au/spews/ DRBL-VOTE-GREMLIN Distributed RBL node: gremlin.ru: vote.drbl.gremlin.ru -> 127.0.0.2 Spam source DRBL-WORK-GREMLIN Distributed RBL node: gremlin.ru: work.drbl.gremlin.ru -> 127.0.0.2 vote.drbl.gremlin.ru@ns.gremlin.ru:Spam source BUSSPEWS Spam Prevention Early Warning System: spews.blackholes.us -> 127.1.0.1 [1] roving/constantcontact, see http://spews.org/ask.cgi?S1641 This one will be fun to follow as they can surely not be in these spam lists and Ironports Boneded Sender whitelists at the same time. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From mcwebber at my-deja.com Tue Jan 11 11:31:10 2005 From: mcwebber at my-deja.com (McWebber) Date: Tue Jan 11 11:30:03 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop References: Message-ID: "Merlyn" wrote in message news:cs0u6i$1gl$1@news.spamcop.net... > "McWebber" wrote in message > news:cs0tlo$14g$1@news.spamcop.net... > > What is the deal with Spamcop and roving.com? It seems they are listed > > everywhere except Spamcop. I find it hard to believe since my spamtraps, > > and > > This one will be fun to follow as they can surely not be in these spam lists > and Ironports Boneded Sender whitelists at the same time. > Apparently they can since they are. http://groups.google.co.uk/groups?hl=en&lr=&selm=6ve0u056p9skcmk71ilfkk00ct4q6gdspe%404ax.com http://news.spamcop.net/pipermail/spamcop-list/2003-December/067678.html Maybe they should change the name to Bonded Spammer. -- McWebber "Richter points to the lack of legal action against his company as proof that he's operating appropriately." Information Week, November 10, 2003 From Merlyn at Spamcop.net Tue Jan 11 11:40:49 2005 From: Merlyn at Spamcop.net (Merlyn) Date: Tue Jan 11 11:45:03 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop References: Message-ID: "McWebber" wrote in message news:cs0utb$1th$1@news.spamcop.net... > "Merlyn" wrote in message > news:cs0u6i$1gl$1@news.spamcop.net... >> "McWebber" wrote in message >> news:cs0tlo$14g$1@news.spamcop.net... >> > What is the deal with Spamcop and roving.com? It seems they are listed >> > everywhere except Spamcop. I find it hard to believe since my >> > spamtraps, >> > and >> >> This one will be fun to follow as they can surely not be in these spam > lists >> and Ironports Boneded Sender whitelists at the same time. >> > > Apparently they can since they are. > > http://groups.google.co.uk/groups?hl=en&lr=&selm=6ve0u056p9skcmk71ilfkk00ct4q6gdspe%404ax.com > > http://news.spamcop.net/pipermail/spamcop-list/2003-December/067678.html > > Maybe they should change the name to Bonded Spammer. Their initials say it all, Bonded Sender :-) -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From MikeE at ster.invalid Tue Jan 11 09:31:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jan 11 12:30:07 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop References: Message-ID: McWebber wrote: > What is the deal with Spamcop and roving.com? It looks like the 'majority' opinion in nanae is that bonded senders/spammers don't get listed in spamcop. snurled .uk googleup of 27 articles http://snipurl.com/bxmo Newsgroups: news.admin.net-abuse.email Subject: Another Bonded Spammer: "roving.com" Message-ID: Date: Sat, 08 Jan 2005 16:37:00 GMT -- Mike Easter kibitzer, not SC admin From gospamming at yourdomain.invalid Tue Jan 11 17:51:11 2005 From: gospamming at yourdomain.invalid (D.Diaz) Date: Tue Jan 11 12:55:03 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop References: Message-ID: "McWebber" wrote in news:cs0tlo$14g$1@news.spamcop.net: > What is the deal with Spamcop and roving.com? It seems they are listed > everywhere except Spamcop. I find it hard to believe since my > spamtraps, and apparently lots of other spamtraps, are being hit by > them that no Spamcop spamtraps are hit. Is it because they cut some > kind of deal with Ironport that keeps them out of Spamcop? I got > spammed by them recently because they allow customers to use very > dirty lists. > > http://www.senderbase.org/search?searchBy=ipaddress&searchString=63.251 > .135.96 > > http://us.openrbl.org/ip/63/251/135/96.htm > > Even 63.251.135.74 which isn't in the "Bonded Sender" program is > listed everywhere else but somehow manages to stay out of Spamcop. > http://us.openrbl.org/ip/63/251/135/74.htm > No deal, but just the way the weighting algorithm works, I think. http://www.spamcop.net/fom-serve/cache/297.html [quoting relevant part: "How the SCBL Works"] The SCBL weights the number of reports referencing an IP against a sample of the total amount of email sent by that IP. This method is not perfect. For example, some IPs which send a significant amount of reported mail may rarely or never be listed in the SCBL because those IPs also send a lot of non-reported mail. [/quote] Let's have a look at the SenderBase stats for the 63.251.135.0/24 block: http://www.spamcop.net/w3m?action=map;mask=65535;net=1073414144;sort=ipsort At the time I'm seeing the stats page, there are 15 hosts in that block, sending a mail volume of 311319.00, and there are only 42 spam reports for 3 of those 15 hosts. Also, a Google search in NANAS for 63.251.135.74 (the SBL listing you mentioned) gives a total amount of only 11 sightings reported in the year 2004, and none at all this month: http://www.google.com/groups?as_ugroup=news.admin.net-abuse.sightings&as_scoring=d&num=100&as_q=63.251.135.74 Of course, still remains the question about the SpamCop spamtraps... How many hits are they receiving? Is that number so small to not trigger a listing, given their "multiplicative" effect in the weighting algorithm? It's also a pity to not have access anymore to the "history of previous listings" for an IP address. It would be interesting to dig in there the past history of those IP addresses... -- Daniel Diaz SpamCop User From nobody at spamcop.net Tue Jan 11 13:07:20 2005 From: nobody at spamcop.net (Pop) Date: Tue Jan 11 13:10:03 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop References: Message-ID: Mike Easter wrote: > McWebber wrote: >> What is the deal with Spamcop and roving.com? > > It looks like the 'majority' opinion in nanae is that bonded > senders/spammers don't get listed in spamcop. > > snurled .uk googleup of 27 articles http://snipurl.com/bxmo > > Newsgroups: news.admin.net-abuse.email > Subject: Another Bonded Spammer: "roving.com" > Message-ID: > Date: Sat, 08 Jan 2005 16:37:00 GMT There are probably no readers left who remember what I'm talking about, -but- I "told you so"! Business rule #1: Make money - do good for the public if it doesn't get in the way of profit Business rule #2: Make more money any way you can expand in and the hell with the public Business rule #3: Promote good will unless it gets in the way of profits; rule #2 not working. Business rule #4: Buy, kill, infiltrate or otherwise negate the competition; screw the public. Business rule #5: If profits are stagnant, see rule #1, 2, 3, and 4. Business rule #6: You're fired! Screw the public. Forget good will; it didn't work. Anyone not with us is ag'in' us! Not sure what I'm going to do about it yet - looks like a GREAT opportunity for someone out there! I'm keeping my eyes open, believe me! -- Pop From Merlyn at Spamcop.net Tue Jan 11 13:19:29 2005 From: Merlyn at Spamcop.net (Merlyn) Date: Tue Jan 11 13:20:03 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop References: Message-ID: "D.Diaz" wrote in message news:Xns95DBBFC891AE3xnddmxn@216.154.195.61... > > No deal, but just the way the weighting algorithm works, I think. > > http://www.spamcop.net/fom-serve/cache/297.html > > [quoting relevant part: "How the SCBL Works"] > > The SCBL weights the number of reports referencing an IP against a > sample of the total amount of email sent by that IP. This method is not > perfect. For example, some IPs which send a significant amount of > reported mail may rarely or never be listed in the SCBL because those > IPs also send a lot of non-reported mail. > > [/quote] > > > Let's have a look at the SenderBase stats for the 63.251.135.0/24 block: > > http://www.spamcop.net/w3m?action=map;mask=65535;net=1073414144;sort=ipsort > [snipped] IMHO ask yourself a few questions: Is Senderbase is owned by Ironport? What does Senderbase say about Optinrealbig or any of Scotty's domains? If you report spam from Roving does it go into the bit bucket just like Snotty Scotty's? We get spam from Roving or I should say we block spam from Roving and have for a very long time now. There are many sightings in Google if you search other ways and other IP addresses they had or have. The point is, "many" reputible blocking lists currently block Roving for spamming directly. It is only logicical that you shouldn't be in the Bonded Sender program while you reside on all those lists for spamming. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From gospamming at yourdomain.invalid Tue Jan 11 19:37:19 2005 From: gospamming at yourdomain.invalid (D.Diaz) Date: Tue Jan 11 14:40:03 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop References: Message-ID: "Merlyn" wrote in news:cs15bh$6h0$1@news.spamcop.net: > We get spam from Roving or I should say we block spam from Roving and > have for a very long time now. There are many sightings in Google if > you search other ways and other IP addresses they had or have. > > The point is, "many" reputible blocking lists currently block Roving > for spamming directly. It is only logicical that you shouldn't be in > the Bonded Sender program while you reside on all those lists for > spamming. > I agree with you and Mc. As I said, I'm just pointing out the way the listing algorithm works; and not trying to argue about its "fairness". If they spam, they are spammers; there's no argument there. I also noticed that 63.251.135.69 seems to be the only IP address roving.com has put in the Bonded Sender Program, and they seem to be spamming mainly from other addresses in their /26 block, trying to keep that one "clean". Now, another question I'm asking myself is... how many of those spams emanating from the "bonded" IP address have been reported to abuse@bondedsender.com so they get fined as per BondedSender's policy? -- Daniel Diaz SpamCop User From gospamming at yourdomain.invalid Tue Jan 11 19:39:28 2005 From: gospamming at yourdomain.invalid (D.Diaz) Date: Tue Jan 11 14:40:06 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop References: Message-ID: "D.Diaz" wrote in news:Xns95DBD1C74937Axnddmxn@216.154.195.61: > I also noticed that 63.251.135.69 seems to be the only IP address > roving.com has put in the Bonded Sender Program,... > Oops! Make that 63.251.135.96 :-/ -- Daniel Diaz SpamCop User From Merlyn at Spamcop.net Tue Jan 11 14:43:00 2005 From: Merlyn at Spamcop.net (Merlyn) Date: Tue Jan 11 14:45:03 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop References: Message-ID: "D.Diaz" wrote in message news:Xns95DBD1C74937Axnddmxn@216.154.195.61... > "Merlyn" wrote in > news:cs15bh$6h0$1@news.spamcop.net: > >> We get spam from Roving or I should say we block spam from Roving and >> have for a very long time now. There are many sightings in Google if >> you search other ways and other IP addresses they had or have. >> >> The point is, "many" reputible blocking lists currently block Roving >> for spamming directly. It is only logicical that you shouldn't be in >> the Bonded Sender program while you reside on all those lists for >> spamming. >> > > I agree with you and Mc. As I said, I'm just pointing out the way the > listing algorithm works; and not trying to argue about its "fairness". > If they spam, they are spammers; there's no argument there. > > I also noticed that 63.251.135.69 seems to be the only IP address > roving.com has put in the Bonded Sender Program, and they seem to be > spamming mainly from other addresses in their /26 block, trying to keep > that one "clean". > > Now, another question I'm asking myself is... how many of those spams > emanating from the "bonded" IP address have been reported to > abuse@bondedsender.com so they get fined as per BondedSender's policy? > Good point, but would they get fined? Only Ironport would know :-) -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From David1 at suescornerweb.com Tue Jan 11 16:12:48 2005 From: David1 at suescornerweb.com (David 1) Date: Tue Jan 11 16:15:03 2005 Subject: [SC-Help] No source IP address found, cannot proceed. Message-ID: tracking link http://www.spamcop.net/sc?id=z711612709z242993b216947a68d52d24658337d42az Parsing header: No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like No tracking information found in header: X-Account-Key: account2 Probably not full headers - see FAQ: I've been getting quite a few of these latly & don't understand why, I got lucky & just happen to keep this email incase more info is needed. -- David 1 bad addy spamtrap@suescornerweb.com From MikeE at ster.invalid Tue Jan 11 13:23:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jan 11 16:25:02 2005 Subject: [SC-Help] Re: No source IP address found, cannot proceed. References: Message-ID: David 1 wrote: www.spamcop.net/sc?id=z711612709z242993b216947a68d52d24658337d42az > Probably not full headers - see FAQ: There's some stuff up at the top that is screwing up proper header construction X-Account-Key: account2 >From hewmre@mailblocks.com Tue Jan 11 19:40:27 2005 The top line wouldn't matter, because it is proper header field construction, but the empty line after doesn't work at all in a header, nor the 2nd text line. If you get rid of that stuff, it works OK. www.spamcop.net/sc?id=z711621100zbd3ebb9130a11ac70655daad5431c921z -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Jan 11 22:40:48 2005 From: nobody at spamcop.net (Doug) Date: Tue Jan 11 17:45:04 2005 Subject: [SC-Help] hotmail/msn, gmail, et.al. Message-ID: Long time paid user, but not a sysadim. Over the past several months [since retirement], I've been making a concerted effort to send a complaint to yahoo each time I see a domain registered with a yahoo address. I had read in one of the ng that such usage violates yahoo's TOS. Haven't determined whether it's done any good, but I'm just trying to help the cause. Question is, do hotmail/msn, or gmail, have a similar TOS clause that prohibits using their e-mail addys in domain registrations? And if so, does anyone have the proper complaint addresses for these? I tried to get to a TOS page on the hotmail site and you have to have javascript enabled and they "push" IE, or Netscape. I don't use js and I'm an Opera user so I'm hitting the wall. Any help appreciated TIA -- Doug Goodwin YMMV Never let your sense of morals get in the way of doing what's right. -- Salvor Hardin From David1 at suescornerweb.com Tue Jan 11 18:09:56 2005 From: David1 at suescornerweb.com (David 1) Date: Tue Jan 11 18:15:05 2005 Subject: [SC-Help] Re: No source IP address found, cannot proceed. In-Reply-To: References: Message-ID: Mike Easter wrote: > David 1 wrote: > www.spamcop.net/sc?id=z711612709z242993b216947a68d52d24658337d42az > > >>Probably not full headers - see FAQ: > > > There's some stuff up at the top that is screwing up proper header > construction > > > X-Account-Key: account2 > >>From hewmre@mailblocks.com Tue Jan 11 19:40:27 2005 > > > The top line wouldn't matter, because it is proper header field > construction, but the empty line after doesn't work at all in a header, > nor the 2nd text line. > > If you get rid of that stuff, it works OK. > > www.spamcop.net/sc?id=z711621100zbd3ebb9130a11ac70655daad5431c921z > > > ok, is that something the spammers are putting in ???? -- David 1 bad addy spamtrap@suescornerweb.com From 79ytka802 at sneakemail.com Tue Jan 11 23:40:34 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Tue Jan 11 18:45:07 2005 Subject: [SC-Help] Re: hotmail/msn, gmail, et.al. In-Reply-To: References: Message-ID: Doug wrote: > Long time paid user, but not a sysadim. Over the past several months [since > retirement], I've been making a concerted effort to send a complaint to > yahoo each time I see a domain registered with a yahoo address. I had read > in one of the ng that such usage violates yahoo's TOS. Haven't determined > whether it's done any good, but I'm just trying to help the cause. Why are you doing this? How do you think it will help any cause? I have a (little-used) Yahoo account. I'm not aware of any TOS that prohibit me from using my Yahoo address in a Whois record. Maybe that prohibition didn't exist when I signed up with Yahoo. Maybe it was there in the small print but I never noticed it. I have never used my Yahoo address for a domain name registration, but I'm sure there are many many people out there who put their Yahoo address in their domain name registration, in all innocence and in good faith, because they're not aware of this bit of small print. Or are you restricting your reporting activities to domains that have been used for spamming? This would make slightly more sense, but I don't think it would achieve much... a spammer isn't going to worry about the loss of a disposable Yahoo account. In fact I don't even think spammers are worried about the loss of a domain any more... domains are far too cheap, and I suspect that with the recent free .info domain offers spammers will have been stockpiling domains so that the moment they lose one they can just use another one. From MikeE at ster.invalid Tue Jan 11 17:14:45 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jan 11 20:15:17 2005 Subject: [SC-Help] Re: No source IP address found, cannot proceed. References: Message-ID: David 1 wrote: > ok, is that something the spammers are putting in ???? Assuming I'm allowed to guess at something, my guess would be 'No.' My first guess would be the cause was somewhere between mx2.frognet.net and whatever you handle your mail with. That guess would be highly suspicious of the thing that stamps these 'good' lines into the header: Delivered-To: suescornerweb.com-x Received: (qmail 3494 invoked by uid 700); 11 Jan 2005 19:40:27 -0000 I would suspect that 'thing' or process of stamping 'bad lines' - non-compliant line or lines - in/on there too. I would be accusing that thing/process of stamping/adding everything from the topmost Received line up, and screwing up the headers in the process. That the headers were fine when mx2.frognet stamped its Received line, and then something went wrong. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Jan 11 17:30:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jan 11 20:30:03 2005 Subject: [SC-Help] Re: hotmail/msn, gmail, et.al. References: Message-ID: Aviatrix wrote: > Doug wrote: >> complaint to yahoo each time I see a domain registered with a yahoo >> address. I had read in one of the ng that such usage violates >> yahoo's TOS. > Why are you doing this? How do you think it will help any cause? The idea would be, if it were true, that /if/ yahoo, hotmail/msn, gmail had a policy against usage of their /free/ accounts 'commercially'; and /if/ the account in question /were/ free, which isn't automatic just because something is a yahoo or hotmail; and /if/ the provider terminated the account because the use of the free account was for a commercial purpose ie as a 'business' to register the domain name; and /if/ the domainname registration email address were lost; /then/ the domainname registration wouldn't be 'any good', which would/could lead to loss of the domainname registration. That would be part of a strategy for an attack on the domainname registration. In support of that strategy, some have reported that hotmail, which is sometimes pretty quick on the trigger against complaints when properly addressed and documented, has terminated a hotmail account which facilitated the reporter eventually terminating a domainname registration. In light of all of my wherefores and whereas/es and if then/s and therefores above, you can see that there is a tenuous chain between such a notification and something actually happening, along with some fuzzy information in the various TOSes and ambiguity of whether an account is free or not. I just looked at gmail's, and it wasn't very convincing to me that the strategy would likely bear fruit on a TOS basis. -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Tue Jan 11 21:16:28 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Tue Jan 11 21:20:03 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop In-Reply-To: References: Message-ID: Merlyn wrote: > "McWebber" wrote in message > news:cs0tlo$14g$1@news.spamcop.net... > >>What is the deal with Spamcop and roving.com? It seems they are listed >>everywhere except Spamcop. I find it hard to believe since my spamtraps, >>and ... > > Spamhause recently re-added them: Once an I.P. address is in any spamhaus.org list, many of spamcop reporters no longer see any spam from them to report. And if they are a prolific enough spammer, they may have already earned a permanent local block before spamhaus.org got around to listing them. According to one of my postmasters, about 50% of the spam delivery attempts is blocked by the local block list. From the same statistics, it looks like most spammers realize that anything listed in sbl.spamhaus.org is useless for sending e-mail to most of the internet. Some of them also seem to have realized the same thing about I.P. addresses in the SORBS DUHL list. -John wb8tyw@qsl.network Personal Opinion Only From David1 at suescornerweb.com Tue Jan 11 21:21:48 2005 From: David1 at suescornerweb.com (David 1) Date: Tue Jan 11 21:20:07 2005 Subject: [SC-Help] Re: No source IP address found, cannot proceed. In-Reply-To: References: Message-ID: Mike Easter wrote: > David 1 wrote: > >>ok, is that something the spammers are putting in ???? > > > Assuming I'm allowed to guess at something, my guess would be 'No.' > > My first guess would be the cause was somewhere between mx2.frognet.net > and whatever you handle your mail with. > > That guess would be highly suspicious of the thing that stamps these > 'good' lines into the header: > > Delivered-To: suescornerweb.com-x > Received: (qmail 3494 invoked by uid 700); 11 Jan 2005 19:40:27 -0000 > > I would suspect that 'thing' or process of stamping 'bad lines' - > non-compliant line or lines - in/on there too. I would be accusing that > thing/process of stamping/adding everything from the topmost Received > line up, and screwing up the headers in the process. > > That the headers were fine when mx2.frognet stamped its Received line, > and then something went wrong. > ok, thank ya now I know where to go -- David 1 bad addy spamtrap@suescornerweb.com From mcwebber at my-deja.com Wed Jan 12 02:56:13 2005 From: mcwebber at my-deja.com (McWebber) Date: Wed Jan 12 02:55:07 2005 Subject: [SC-Help] Re: roving.com spammers stay out of spamcop References: Message-ID: "D.Diaz" wrote in message news:Xns95DBD1C74937Axnddmxn@216.154.195.61... > > Now, another question I'm asking myself is... how many of those spams > emanating from the "bonded" IP address have been reported to > abuse@bondedsender.com so they get fined as per BondedSender's policy? > Wanna bet you just get unsubscribed if you send them an unmunged report? As far as the lack of NANAS reports go, it's a little hard to report blocked spam. [root mail]# grep roving /var/log/maillog Jan 11 06:57:31 admin sendmail[431]: j0BCvQY00431: ruleset=check_relay, arg1=ccm01.roving.com, arg2=63.251.135.74, relay=ccm01.roving.com [63.251.135.74], reject=550 5.0.0 fuck off spammer Jan 11 10:32:49 admin sendmail[23421]: j0BGWiY23421: ruleset=check_relay, arg1=ccm09.roving.com, arg2=63.251.135.115, relay=ccm09.roving.com [63.251.135.115], reject=550 5.0.0 fuck off spammer Jan 11 12:28:28 admin sendmail[5727]: j0BISNY05727: ruleset=check_relay, arg1=mailface.roving.com, arg2=63.251.135.75, relay=mailface.roving.com [63.251.135.75], reject=550 5.0.0 fuck off spammer Jan 11 15:59:41 admin sendmail[869]: j0BLxaY00869: ruleset=check_relay, arg1=ccm01.roving.com, arg2=63.251.135.74, relay=ccm01.roving.com [63.251.135.74], reject=550 5.0.0 fuck off spammer Jan 11 17:27:21 admin sendmail[11745]: j0BNRGY11745: ruleset=check_relay, arg1=mailface.roving.com, arg2=63.251.135.75, relay=mailface.roving.com [63.251.135.75], reject=550 5.0.0 fuck off spammer It goes like that every day. They ignore rejections and just keep sending despite hard bounces. -- McWebber "Richter points to the lack of legal action against his company as proof that he's operating appropriately." Information Week, November 10, 2003 From MikeE at ster.invalid Wed Jan 12 04:34:05 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jan 12 07:35:15 2005 Subject: [SC-Help] Re: Getting balcklisted References: Message-ID: Posted to .help and .spam; f/ups to .help -- so as to 'move' the discussion to .help, see below. Iain wrote: > I hope this is the correct group to post this to... > > I am working with a large Government Department who want to send Email > reminders to users of their online services. There's a lot of concern > about users giving incorrect addresses (either deliberately or by > mistake) and this leading to undeliverable mail and this being > mis-identified by ISPs as spam and the Department being blacklisted. > > Personally I think the chances of this are very low, but does anyone > have any general ideas on what might cause an ISP to automatically > blacklist an IP address? There have been claims that "as few as three > misaddressed Emails to AOL" can cause AOL to block an IP but that > doesn't seem to be included in AOL's spam policies and would surely > result in most SMTP servers in the work being blacklisted by AOL! > > Pointers to resources such as AOL's policy would be helpful plus any > ideas, views or opinions. It would be intended that every message > would have a 'This message is not relevant to me/unsubscribe' link > plus of course full rDNS etc. would all work. > > Thanks.../Iain The faq for the purposes of the various newsgroups is misleading and neglected, and no one reads in or uses spamcop.spam, because .spam is only for posting raw spam which is not allowed in .help or spamcop. The proper display of raw spam is to use a tracking url, not to use this group whose purpose arose before the tracking url could display an entire raw spam. .help and spamcop are for asking general questions relating to spam and spamcop, and no raw spam is allowed in those groups, hence the need for this group to post the raw spam being discussed in the other groups. No one reads .spam because there is supposed to be only spam in it. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Jan 12 04:51:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jan 12 07:50:03 2005 Subject: [SC-Help] Re: Getting balcklisted References: Message-ID: > Iain wrote: >> I hope this is the correct group to post this to... spamcop or .help will be fine now. >> I am working with a large Government Department who want to send >> Email reminders to users of their online services. There's a lot of >> concern about users giving incorrect addresses (either deliberately >> or by mistake) and this leading to undeliverable mail and this being >> mis-identified by ISPs as spam and the Department being blacklisted. There are many many reasons to be using good list management. Failure to use good mailing list management will lead to the list's mail being reported as spam; such spamsources will be listed and blocked; then the listed won't be getting the mail they want. And the IP address won't be able to complete its regular mail to other mail recipients not on the mailing list. Bad business all around. >> Personally I think the chances of this are very low, but does anyone >> have any general ideas on what might cause an ISP to automatically >> blacklist an IP address? There are many many scores of blocklists, over 150, devised by various means and used in various ways. Providers use public blocklists and create their own blocklists as part of a comprehensive strategy against spam, which is a big big problem. >> There have been claims that "as few as three >> misaddressed Emails to AOL" can cause AOL to block an IP but that >> doesn't seem to be included in AOL's spam policies and would surely >> result in most SMTP servers in the work being blacklisted by AOL! I'm not privvy to how AOL does its blocking, but it is an adamant antispam place, so sending multiple unwanted mails to them would be a very bad idea. I've seen blocked mail reports from AOL. They block individual IPs, they block domains, they block lots of things. >> Pointers to resources such as AOL's policy would be helpful plus any >> ideas, views or opinions. It would be intended that every message >> would have a 'This message is not relevant to me/unsubscribe' link >> plus of course full rDNS etc. would all work. Nope; having bad mailing list management cannot be solved by having unsub information. The only people who should ever use unsub information is a person who subscribed in the first place. You cannot send unwanted mail to someone or to a spamtrap and expect it to unsub. That mail will be reported as spam, you can't unsub the reporter or the spamtrap, and you will get listed and your mail blocked. You have to not send anyone mail which wasn't specifically requested by them, and from you and for the specific purpose of the list; not some other purpose of some other list; and which request was confirmed verifiably by a unique token. There are guidelines for the creating and management of mailing lists. Here's one http://www.mail-abuse.com/an_listmgntgdlines.html Guidelines for proper mailing list management -- Mike Easter kibitzer, not SC admin From ipmarketing at spamcop.net Wed Jan 12 15:21:45 2005 From: ipmarketing at spamcop.net (Iain) Date: Wed Jan 12 10:25:03 2005 Subject: [SC-Help] Re: Getting balcklisted References: Message-ID: Thanks for this Mike, for the reference link and for posting this across to spamcop.help...but to explain a bit more... First, the plans are only that Email will be sent to addresses which users have explicitly provided and only content related to services they've opted-in to receive will be sent to them. There's no 'buying of lists' or anything like that. It's all about proper informed opt-in, so let's take all that as accepted. The issue comes down to what is *really* meant by; "confirmed verifiably by a unique token." So... A user comes to the Government site. They login with credentials which can be used to identify them as a real-life identity, i.e. a degree of identity verifcation *far* beyond that behind most list management systems. They ask to be sent information by Email. It's then the degree of verification of the Email address they provide being shown to belong to that user. So there's options... 1. You send a welcome message (as advised when they signed up) confirming their set-up of Email information and including an unsubscribe link for one-click removal if for some reason they want to cancel the subscription. The idea here is that if the address is someone elses, that someone else has a fast way of saying; "This is nothing to do with me. I don't want to receive any information." This is the best we can do at this point. 2. If the user inadvertently enters someone elses address, i.e. a valid address but not their own, then the incorrect recipient would have an immediate 'get me out of this' link as described. If the incorrect chose not to immediately unsubscribe then they implcitly agree to receive further mail. That's what the welcome would say and would advise they immediately use the "This has come to the wrong person" link if they didn't want to continue to receive mail. In addition every message sent subsequently would include such a "No more mail" link. Again, this is the best we can do to allow someone to remove their address. 3. If the user gives us a completely wrong address or an address which goes to some SMTP sink, then it's hard for us to know that other than through parsing any reply back from the recipient ISP. Obviously the 'unsubscribe' link can't be clicked, but I don't see how we can realistically do anything but send a welcome message to the address the user gives us. Or do you think differently?? 4. Now point 3 above makes the case for requiring a positive; "Yes thank you for the welcome Email and I confirm I want to continue receiving it" reply. This would prevent a second Email being sent to the same address if say it was some kind of sink (and so no bounce/non-delivery report would come back) unless the positive reply had been received. However, two issues: 4a. Although we can collect a positive confirmation 'by a unique token' it doesn't actually tell us that the person making that positive confirmation is the same person who gave us the address. They could have given us a correct address for some other person and that other person, for whatever reason, clicked the 'I want to confirm my Opt-in' link. So we have a positive opt-in, but not from the right person 4b. We could ensure that the confirmation was from the right person by making the person log back into the web service to make their confirmation. This ensures that the person who set up the Email also has access to the 'unique token' sent in the welcome message. So this is a high degree of verification, but also a high degree of nuisance for the user and our business manager's want to make the Email sign-up simple and quick and not to require re logins 4c. Even if we go through either a 'weak' verification (4a) or strong verification (4b) exercise of confirming the Email address and opt-in status, the Email address could at any point in time be deleted, suspended or otherwise become invalid without us knowing. At that point we would (unknowingly) continue to send Email to the positiviely verified address but which was no longer valid. At that point we're pretty much in the same position as at point 2 in that we'd be sending Email to an ISP to an address that didn't exist/was invalid. So, if sending mail to invalid addresses is liable to get the sending domain blacklisted, then we're just as lilkely to be blacklisted at this point as we are at point 2. That then begs the question, what do we gain from the verification steps as the verification is only at a point in time and the address may become invalid for any number of reasons at any time and so we're into sending mail to non-existant mail addresses What I am therefore trying to work through - and I'm readin various other sources but thought I'd ask here - is what is 'best practice' and what ensure the department won't end up being blacklisted either due to deliberate action by someone (deliberately giving false mail addresses) or due to accidental input of an Email address or through an Email address lapsing/becoming invalid at some point after being verified. Hope this makes sense. Also, BTW, AOL go through their spam policy in a lot of detail at http://www.aol.co.uk/about/policy/spam/senderfaq.html and linked pages :-) Thanks.../Iain "Mike Easter" wrote in message news:cs36d0$ftq$1@news.spamcop.net... >> Iain wrote: >>> I hope this is the correct group to post this to... > > spamcop or .help will be fine now. > >>> I am working with a large Government Department who want to send >>> Email reminders to users of their online services. There's a lot of >>> concern about users giving incorrect addresses (either deliberately >>> or by mistake) and this leading to undeliverable mail and this being >>> mis-identified by ISPs as spam and the Department being blacklisted. > > There are many many reasons to be using good list management. Failure > to use good mailing list management will lead to the list's mail being > reported as spam; such spamsources will be listed and blocked; then > the listed won't be getting the mail they want. And the IP address > won't be able to complete its regular mail to other mail recipients not > on the mailing list. Bad business all around. > >>> Personally I think the chances of this are very low, but does anyone >>> have any general ideas on what might cause an ISP to automatically >>> blacklist an IP address? > > There are many many scores of blocklists, over 150, devised by various > means and used in various ways. Providers use public blocklists and > create their own blocklists as part of a comprehensive strategy against > spam, which is a big big problem. > >>> There have been claims that "as few as three >>> misaddressed Emails to AOL" can cause AOL to block an IP but that >>> doesn't seem to be included in AOL's spam policies and would surely >>> result in most SMTP servers in the work being blacklisted by AOL! > > I'm not privvy to how AOL does its blocking, but it is an adamant > antispam place, so sending multiple unwanted mails to them would be a > very bad idea. I've seen blocked mail reports from AOL. They block > individual IPs, they block domains, they block lots of things. > >>> Pointers to resources such as AOL's policy would be helpful plus any >>> ideas, views or opinions. It would be intended that every message >>> would have a 'This message is not relevant to me/unsubscribe' link >>> plus of course full rDNS etc. would all work. > > Nope; having bad mailing list management cannot be solved by having > unsub information. The only people who should ever use unsub > information is a person who subscribed in the first place. You cannot > send unwanted mail to someone or to a spamtrap and expect it to unsub. > That mail will be reported as spam, you can't unsub the reporter or the > spamtrap, and you will get listed and your mail blocked. > > You have to not send anyone mail which wasn't specifically requested by > them, and from you and for the specific purpose of the list; not some > other purpose of some other list; and which request was confirmed > verifiably by a unique token. > > There are guidelines for the creating and management of mailing lists. > Here's one http://www.mail-abuse.com/an_listmgntgdlines.html Guidelines > for proper mailing list management > > > -- > Mike Easter > kibitzer, not SC admin > From dkona7b02 at sneakemail.com Wed Jan 12 10:58:13 2005 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Wed Jan 12 10:58:17 2005 Subject: [SC-Help] Re: Getting balcklisted In-Reply-To: References: Message-ID: <3.0.5.32.20050112105813.014c28a8@loki.fstrf.org> Please see my remarks in line with yours... At 03:21 PM 1/12/2005 +0000, Iain typed: >Thanks for this Mike, for the reference link and for posting this across to >spamcop.help...but to explain a bit more... I'm not Mike, but I'll jump in with my opinions anyway... :) >First, the plans are only that Email will be sent to addresses which users >have explicitly provided and only content related to services they've >opted-in to receive will be sent to them. There's no 'buying of lists' or >anything like that. It's all about proper informed opt-in, so let's take all >that as accepted. The issue comes down to what is *really* meant by; >"confirmed verifiably by a unique token." So... > >A user comes to the Government site. They login with credentials which can >be used to identify them as a real-life identity, i.e. a degree of identity >verifcation *far* beyond that behind most list management systems. They ask >to be sent information by Email. It's then the degree of verification of the >Email address they provide being shown to belong to that user. So there's >options... > >1. You send a welcome message (as advised when they signed up) confirming >their set-up of Email information and including an unsubscribe link for >one-click removal if for some reason they want to cancel the subscription. >The idea here is that if the address is someone elses, that someone else has >a fast way of saying; "This is nothing to do with me. I don't want to >receive any information." This is the best we can do at this point. Bzzzzt, wrong answer... If this is the best you can do, you are setting yourself up to be listed as a SPAM source! People are routinely advised NOT to click unsubscribe links in messages they receive. This is a quick way to confirm your account to the SPAMmers who then sell it for more money... >2. If the user inadvertently enters someone elses address, i.e. a valid >address but not their own, then the incorrect recipient would have an >immediate 'get me out of this' link as described. If the incorrect chose not >to immediately unsubscribe then they implcitly agree to receive further >mail. That's what the welcome would say and would advise they immediately >use the "This has come to the wrong person" link if they didn't want to >continue to receive mail. In addition every message sent subsequently would >include such a "No more mail" link. Again, this is the best we can do to >allow someone to remove their address. Again, no user should ever click a 'get me out of this' link so you are still going to get reported as SPAM. >3. If the user gives us a completely wrong address or an address which goes >to some SMTP sink, then it's hard for us to know that other than through >parsing any reply back from the recipient ISP. Obviously the 'unsubscribe' >link can't be clicked, but I don't see how we can realistically do anything >but send a welcome message to the address the user gives us. Or do you think >differently?? Same difference as above. Whether it is going to an "SMTP sink" or a live person who has never heard of you before, neither of them is going to click your unsubscribe link and you may very well get reported. Especially if the wrong address the provided happens to be a SpamTrap address that gets reported automatically. >4. Now point 3 above makes the case for requiring a positive; "Yes thank you >for the welcome Email and I confirm I want to continue receiving it" reply. >This would prevent a second Email being sent to the same address if say it >was some kind of sink (and so no bounce/non-delivery report would come back) >unless the positive reply had been received. However, two issues: Stop right there!! This is the only way to play! You still may get reported by those with a hair trigger who have no idea who you are and figure it is just run of the mill SPAM, but this is your best bet for staying off the SPAMlists. >4a. Although we can collect a positive confirmation 'by a unique token' it >doesn't actually tell us that the person making that positive confirmation >is the same person who gave us the address. They could have given us a >correct address for some other person and that other person, for whatever >reason, clicked the 'I want to confirm my Opt-in' link. So we have a >positive opt-in, but not from the right person Correct. >4b. We could ensure that the confirmation was from the right person by >making the person log back into the web service to make their confirmation. >This ensures that the person who set up the Email also has access to the >'unique token' sent in the welcome message. So this is a high degree of >verification, but also a high degree of nuisance for the user and our >business manager's want to make the Email sign-up simple and quick and not >to require re logins If you want to be 100% certain that the email address belongs to the person that signed up, you have no other choice. Tell your business manager to wake up and smell the SPAM frying... I have joined several mailing lists that operate in this fashion and it is not a hassle at all. If I really want the info I am willing to jump through a reasonable number of hoops to get it. >4c. Even if we go through either a 'weak' verification (4a) or strong >verification (4b) exercise of confirming the Email address and opt-in >status, the Email address could at any point in time be deleted, suspended >or otherwise become invalid without us knowing. At that point we would >(unknowingly) continue to send Email to the positiviely verified address but >which was no longer valid. At that point we're pretty much in the same >position as at point 2 in that we'd be sending Email to an ISP to an address >that didn't exist/was invalid. So, if sending mail to invalid addresses is >liable to get the sending domain blacklisted, then we're just as lilkely to >be blacklisted at this point as we are at point 2. That then begs the >question, what do we gain from the verification steps as the verification is >only at a point in time and the address may become invalid for any number of >reasons at any time and so we're into sending mail to non-existant mail >addresses This is less likely to happen and if it does, you can easily provide the original signup details and show that you had been sending email to that address for N number of months successfully and without complaint. This would be enough to get you off of any SPAMlists. A preemptive approach would be to re-verify your lists every so often with the same confirmed opt-in approach. >What I am therefore trying to work through - and I'm readin various other >sources but thought I'd ask here - is what is 'best practice' and what >ensure the department won't end up being blacklisted either due to >deliberate action by someone (deliberately giving false mail addresses) or >due to accidental input of an Email address or through an Email address >lapsing/becoming invalid at some point after being verified. 4b is best practice and if you follow it, you should not have many problems. >Hope this makes sense. Also, BTW, AOL go through their spam policy in a lot >of detail at http://www.aol.co.uk/about/policy/spam/senderfaq.html and >linked pages :-) > >Thanks.../Iain You are welcome. From MikeE at ster.invalid Wed Jan 12 08:00:21 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jan 12 11:00:03 2005 Subject: [SC-Help] Re: Getting balcklisted References: Message-ID: Iain wrote: > It's all about proper informed > opt-in, so let's take all that as accepted. We'll see. > 1. You send a welcome message (as advised when they signed up) > confirming their set-up of Email information and including an > unsubscribe link for one-click removal if for some reason they want > to cancel the subscription. No. That is opt-out. We're looking for/ discussing/ confirmation of having subscribed. They shouldn't be subscribed until they have properly confirmed that they have subscribed. > The idea here is that if the address is > someone elses, that someone else has a fast way of saying; "This is > nothing to do with me. I don't want to receive any information." This > is the best we can do at this point. Nope. That's not good enough. If I 'accidentally' receive some mailing from someone, it isn't my job to unsubscribe. A great many reporters will always report that as spam and not unsub. > 2. If the user inadvertently enters someone elses address, i.e. a > valid address but not their own, then the incorrect recipient would > have an immediate 'get me out of this' link as described. Nope. That doesn't work. I don't think you read the link I gave you. > If the > incorrect chose not to immediately unsubscribe then they implcitly > agree to receive further mail. Nope. No good. That kind of list management is going to kill your dirty list. > That's what the welcome would say and > would advise they immediately use the "This has come to the wrong > person" link if they didn't want to continue to receive mail. In > addition every message sent subsequently would include such a "No > more mail" link. Again, this is the best we can do to allow someone > to remove their address. Nope. No good. You keep saying 'this is the best we can do' when that is no where near good enough. I smell a dirty list. > 3. If the user gives us a completely wrong address or an address > which goes to some SMTP sink, then it's hard for us to know that > other than through parsing any reply back from the recipient ISP. > Obviously the 'unsubscribe' link can't be clicked, but I don't see > how we can realistically do anything but send a welcome message to > the address the user gives us. Or do you think differently?? Yes. I think completely differently. We aren't even on the same page because you are using euphemisms which mean exactly the opposite of their language. You are using the word 'welcome' to indicate a demand that some unwilling recipient is supposed to opt-out of getting any more of something they never wanted. That's like calling a spam a 'welcome to my spam' message. > 4. Now point 3 above makes the case for requiring a positive; "Yes > thank you for the welcome Email and I confirm I want to continue > receiving it" reply. This would prevent a second Email being sent to > the same address if say it was some kind of sink (and so no > bounce/non-delivery report would come back) unless the positive reply > had been received. However, two issues: The confirmation mail when someone first subscribes to something must contain no 'content' other than its own confirmation. > 4a. Although we can collect a positive confirmation 'by a unique > token' it doesn't actually tell us that the person making that > positive confirmation is the same person who gave us the address. It does if it is performed correctly. This is about email and an email address. The confirmatory email is sent which requests the confirmation. If the confirmation isn't received, the person isn't subscribed and they get nothing else. That is confirming the subscription by opting in, not out. > They could have given us a correct address for some other person and > that other person, for whatever reason, clicked the 'I want to > confirm my Opt-in' link. So we have a positive opt-in, but not from > the right person I was speaking of emailing the confirmation. If a person is sent a confirmation and they confirm, they are subscribed. Your imagining that someone is going to optin to something they didn't want is far-fetched. > 4b. We could ensure that the confirmation was from the right person by > making the person log back into the web service to make their > confirmation. This ensures that the person who set up the Email also > has access to the 'unique token' sent in the welcome message. So this > is a high degree of verification, but also a high degree of nuisance > for the user and our business manager's want to make the Email > sign-up simple and quick and not to require re logins You can do it with a unique web login or you can do it with a unique email reply. It can be done properly either way. > 4c. Even if we go through either a 'weak' verification (4a) or strong > verification (4b) exercise of confirming the Email address and opt-in > status, the Email address could at any point in time be deleted, > suspended or otherwise become invalid without us knowing. At that > point we would (unknowingly) continue to send Email to the > positiviely verified address but which was no longer valid. There's also the issue of how to handle bounces for 'no longer valid'. > At that > point we're pretty much in the same position as at point 2 in that > we'd be sending Email to an ISP to an address that didn't exist/was > invalid. So, if sending mail to invalid addresses is liable to get > the sending domain blacklisted, then we're just as lilkely to be > blacklisted at this point as we are at point 2. That then begs the > question, what do we gain from the verification steps as the > verification is only at a point in time and the address may become > invalid for any number of reasons at any time and so we're into > sending mail to non-existant mail addresses That sounds like some kind of lame excuse for the problems described at the top. Your top part is a much bigger problem than this bottom part. > What I am therefore trying to work through - and I'm readin various > other sources but thought I'd ask here - is what is 'best practice' > and what ensure the department won't end up being blacklisted either > due to deliberate action by someone (deliberately giving false mail > addresses) or due to accidental input of an Email address or through > an Email address lapsing/becoming invalid at some point after being > verified. -- Mike Easter kibitzer, not SC admin From ipmarketing at spamcop.net Wed Jan 12 16:11:24 2005 From: ipmarketing at spamcop.net (Iain) Date: Wed Jan 12 11:15:03 2005 Subject: [SC-Help] Re: Getting balcklisted References:

Message-ID: Well thanks for the thoughts. It's useful to get a number of views, hence why explaining the logic so all can comment. Obviously there is no way to not send the first welcome message and this may go to the wrong person. One of the concerns with the 'positive id verification' 4b solution, i.e. verification behind login, is that although it gives positive assusrance that both the mail was receive properly *and by the right person* (or at least someone with access the the login credentials), it also starts to run into phishing concerns. Sending people Email links to log into banking/tax services is another concern. So in the same way you say people will never click an unsubscribe link (you'd not click an unsubsctibe link going to www.irs.gov? - not that this is for the IRS, but you get my point?) then people might also not follow-through on an Email link that results in them being asked for their login credentials! There are ways to mitigate the phishing risk (which I'll not go into here), but my point is, the 'obvious' best practice from an anti-spam point of view may not be the 'best practice' from an anti-phishing perspective. So it's all a balance...hence the churning of thoughts :-) Thanks for your input.../Iain "Spam Hater" wrote in message news:mailman.61.1105545498.4572.spamcop-help@news.spamcop.net... > Please see my remarks in line with yours... > > At 03:21 PM 1/12/2005 +0000, Iain typed: > >>Thanks for this Mike, for the reference link and for posting this across >>to >>spamcop.help...but to explain a bit more... > > I'm not Mike, but I'll jump in with my opinions anyway... :) > >>First, the plans are only that Email will be sent to addresses which users >>have explicitly provided and only content related to services they've >>opted-in to receive will be sent to them. There's no 'buying of lists' or >>anything like that. It's all about proper informed opt-in, so let's take >>all >>that as accepted. The issue comes down to what is *really* meant by; >>"confirmed verifiably by a unique token." So... >> >>A user comes to the Government site. They login with credentials which can >>be used to identify them as a real-life identity, i.e. a degree of >>identity >>verifcation *far* beyond that behind most list management systems. They >>ask >>to be sent information by Email. It's then the degree of verification of >>the >>Email address they provide being shown to belong to that user. So there's >>options... >> >>1. You send a welcome message (as advised when they signed up) confirming >>their set-up of Email information and including an unsubscribe link for >>one-click removal if for some reason they want to cancel the subscription. >>The idea here is that if the address is someone elses, that someone else >>has >>a fast way of saying; "This is nothing to do with me. I don't want to >>receive any information." This is the best we can do at this point. > > Bzzzzt, wrong answer... If this is the best you can do, you are setting > yourself > up to be listed as a SPAM source! People are routinely advised NOT to > click unsubscribe links in messages they receive. This is a quick way to > confirm your account to the SPAMmers who then sell it for more money... > >>2. If the user inadvertently enters someone elses address, i.e. a valid >>address but not their own, then the incorrect recipient would have an >>immediate 'get me out of this' link as described. If the incorrect chose >>not >>to immediately unsubscribe then they implcitly agree to receive further >>mail. That's what the welcome would say and would advise they immediately >>use the "This has come to the wrong person" link if they didn't want to >>continue to receive mail. In addition every message sent subsequently >>would >>include such a "No more mail" link. Again, this is the best we can do to >>allow someone to remove their address. > > Again, no user should ever click a 'get me out of this' link so you are > still > going to get reported as SPAM. > >>3. If the user gives us a completely wrong address or an address which >>goes >>to some SMTP sink, then it's hard for us to know that other than through >>parsing any reply back from the recipient ISP. Obviously the 'unsubscribe' >>link can't be clicked, but I don't see how we can realistically do >>anything >>but send a welcome message to the address the user gives us. Or do you >>think >>differently?? > > Same difference as above. Whether it is going to an "SMTP sink" or a live > person who has never heard of you before, neither of them is going to > click > your unsubscribe link and you may very well get reported. Especially if > the > wrong address the provided happens to be a SpamTrap address that gets > reported automatically. > >>4. Now point 3 above makes the case for requiring a positive; "Yes thank >>you >>for the welcome Email and I confirm I want to continue receiving it" >>reply. >>This would prevent a second Email being sent to the same address if say it >>was some kind of sink (and so no bounce/non-delivery report would come >>back) >>unless the positive reply had been received. However, two issues: > > Stop right there!! This is the only way to play! You still may get > reported by > those with a hair trigger who have no idea who you are and figure it is > just > run of the mill SPAM, but this is your best bet for staying off the > SPAMlists. > >>4a. Although we can collect a positive confirmation 'by a unique token' it >>doesn't actually tell us that the person making that positive confirmation >>is the same person who gave us the address. They could have given us a >>correct address for some other person and that other person, for whatever >>reason, clicked the 'I want to confirm my Opt-in' link. So we have a >>positive opt-in, but not from the right person > > Correct. > >>4b. We could ensure that the confirmation was from the right person by >>making the person log back into the web service to make their >>confirmation. >>This ensures that the person who set up the Email also has access to the >>'unique token' sent in the welcome message. So this is a high degree of >>verification, but also a high degree of nuisance for the user and our >>business manager's want to make the Email sign-up simple and quick and not >>to require re logins > > If you want to be 100% certain that the email address belongs to the > person > that signed up, you have no other choice. Tell your business manager to > wake > up and smell the SPAM frying... I have joined several mailing lists that > operate in this fashion and it is not a hassle at all. If I really want > the info I > am willing to jump through a reasonable number of hoops to get it. > >>4c. Even if we go through either a 'weak' verification (4a) or strong >>verification (4b) exercise of confirming the Email address and opt-in >>status, the Email address could at any point in time be deleted, suspended >>or otherwise become invalid without us knowing. At that point we would >>(unknowingly) continue to send Email to the positiviely verified address >>but >>which was no longer valid. At that point we're pretty much in the same >>position as at point 2 in that we'd be sending Email to an ISP to an >>address >>that didn't exist/was invalid. So, if sending mail to invalid addresses is >>liable to get the sending domain blacklisted, then we're just as lilkely >>to >>be blacklisted at this point as we are at point 2. That then begs the >>question, what do we gain from the verification steps as the verification >>is >>only at a point in time and the address may become invalid for any number >>of >>reasons at any time and so we're into sending mail to non-existant mail >>addresses > > This is less likely to happen and if it does, you can easily provide the > original signup details and show that you had been sending email to that > address for N number of months successfully and without complaint. This > would be enough to get you off of any SPAMlists. A preemptive approach > would be to re-verify your lists every so often with the same confirmed > opt-in > approach. > >>What I am therefore trying to work through - and I'm readin various other >>sources but thought I'd ask here - is what is 'best practice' and what >>ensure the department won't end up being blacklisted either due to >>deliberate action by someone (deliberately giving false mail addresses) or >>due to accidental input of an Email address or through an Email address >>lapsing/becoming invalid at some point after being verified. > > 4b is best practice and if you follow it, you should not have many > problems. > >>Hope this makes sense. Also, BTW, AOL go through their spam policy in a >>lot >>of detail at http://www.aol.co.uk/about/policy/spam/senderfaq.html and >>linked pages :-) >> >>Thanks.../Iain > > You are welcome. From MikeE at ster.invalid Wed Jan 12 08:28:43 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jan 12 11:30:02 2005 Subject: [SC-Help] Re: Getting balcklisted References:

Message-ID: Iain wrote: > Obviously there is no way to not send the first welcome message and > this may go to the wrong person. Not 'welcome'. Confirm. The concept is that someone visits your website and reads the information about getting on the list; ie receiving wanted information from you. They respond to that by putting in their email address. When they do that, they are *not* subscribed. That email address may be a bogus one to cause trouble. It may be a spamtrap address to cause trouble. Think of yourself as being surrounded by enemies to your mailing list who are also enemies of antispam activities, blocklists and such as that. Devious plotters out to get you. So, now you have an email address which might be real or it might be poison. Handle it carefully. You email the address a confirmation. In order to get any more information from you, the recipient of the email has to confirm that they received the email you sent and that they indeed /do/ want to get more mail from you regarding the issue in question. That confirmatory mail contains some way to indicate its uniqueness. Either in the content of the mail which they will be returning with their Reply function, or by clicking on a unique link in the email to trip a confirmatory website visit which only a recipient of the email could perform. If all of that [either the unique email reply or the unique website visit] doesn't happen in confirmation, then the email addy which was initially entered at the website isn't subscribed. The initial email addy only becomes subscribed by the process described. If and only if, when and only when, all of the above has already taken place is such an address a valid subscriber. If all of that, only then does that subscribed email address need to unsub [or be invalid] to become unsubbed. And, they should be able to unsub by email or website visit; either one. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Jan 12 08:35:15 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jan 12 11:35:03 2005 Subject: [SC-Help] Re: Getting balcklisted References:

Message-ID: Mike Easter wrote: > You email the address a confirmation. In order to get any more > information from you, the recipient of the email has to confirm that > they received the email you sent and that they indeed /do/ want to get > more mail from you regarding the issue in question. That confirmatory > mail contains some way to indicate its uniqueness. In addition, that confirmatory mail can name the IP address of the browser entrant of the email address which you have mailed the confirmation item. The datestamp as well if you like. That way if someone is going around causing trouble by entering bogus or spamtrap information, they may get nabbed by the person bogus subscribed notifying the provider for the IP address. Ratting out the bogus subscribers to mailing lists is a good thing; and you can facilitate it by including the IP address of the browser entering the wannabe subscriber address into your initiating webform. -- Mike Easter kibitzer, not SC admin From ipmarketing at spamcop.net Wed Jan 12 16:40:25 2005 From: ipmarketing at spamcop.net (Iain) Date: Wed Jan 12 11:45:03 2005 Subject: [SC-Help] Re: Getting balcklisted References: Message-ID: I don't quite follow this, and no I've not yet read the link you previous sent, but will be studying it carefully, believe you me! However, you write... "Nope. That's not good enough. If I 'accidentally' receive some mailing from someone, it isn't my job to unsubscribe. A great many reporters will always report that as spam and not unsub." So then, the very first Email that is sent as a part of the opt-in process would under your comments get reported as spam if the user wasn't expecting it - caused by the original web user giving someone else's address for whatever reason? That is a no-win situation you describe as I have no way to test the address provided - ever - unless I send mail to it! You also write: "The confirmation mail when someone first subscribes to something must contain no 'content' other than its own confirmation." So then, if you're the recipient of a message with 'no content' sent to you because someone else gave your Email address as their own address, this is going to help you? Surely a message that explains what it is, why it is being sent to the person and what to do if they do/do not want it - a 'welcome message' - is a lot better than something with 'no content'. If by 'no content' you mean not a first in the series of the information feed, then that is *precisely* what I'm describing and why we're thinking of this as a 'welcome message' (on the basis the vast majority of sign-ups will be for people who want the service and give a correct address). I have not described a 'content message', only one explicitly related to the sign-up, it's purpose and what to do. My point about addresses 'going invalid', is that just because you get an opt-in message does not mean the address will be good forever. It means it was okay and the user wanted it at that time, but the address may lapse for many reasons. If *the ISP* then invokes rules about mail being sent to invalid mail addresses you fall into that problem despite the opt-in. So, let's say there's a number of people all opted-in from a company and then for some reason that company's Email addresses get suspended, suddenly we'd be sending mail to multiple invalid addresses. Yes we need to process 'invalid address' replies, but we can't do that until we get the bounces and we need to try all the addresses to know they're all now bad. In this instance the opt-in doesn't buy us any protection. I was particularly interested in knowledge about ISP's 'general rules' about receiving bad Email that might be spam - remember my point about AOL - not just users who want to report stuff to abuse addresses. I also do not understand your comments about 'a dirty list' when the whole purpose of posting this is *precisely* to establish the best, most spam-protected means of allowing users to subscribe for Email notifications and ensuring that for whatever reason, inadvertent or malevolent, users cannot sign up someone else to receive Email they don't want. It is precisely because we're trying to ensure the list is not only clean but up to date we're going through this exercise! .../Iain "Mike Easter" wrote in message news:cs3hfj$mpv$1@news.spamcop.net... > Iain wrote: >> It's all about proper informed >> opt-in, so let's take all that as accepted. > > We'll see. > >> 1. You send a welcome message (as advised when they signed up) >> confirming their set-up of Email information and including an >> unsubscribe link for one-click removal if for some reason they want >> to cancel the subscription. > > No. That is opt-out. We're looking for/ discussing/ confirmation of > having subscribed. They shouldn't be subscribed until they have > properly confirmed that they have subscribed. > >> The idea here is that if the address is >> someone elses, that someone else has a fast way of saying; "This is >> nothing to do with me. I don't want to receive any information." This >> is the best we can do at this point. > > Nope. That's not good enough. If I 'accidentally' receive some mailing > from someone, it isn't my job to unsubscribe. A great many reporters > will always report that as spam and not unsub. > >> 2. If the user inadvertently enters someone elses address, i.e. a >> valid address but not their own, then the incorrect recipient would >> have an immediate 'get me out of this' link as described. > > Nope. That doesn't work. I don't think you read the link I gave you. > >> If the >> incorrect chose not to immediately unsubscribe then they implcitly >> agree to receive further mail. > > Nope. No good. That kind of list management is going to kill your > dirty list. > >> That's what the welcome would say and >> would advise they immediately use the "This has come to the wrong >> person" link if they didn't want to continue to receive mail. In >> addition every message sent subsequently would include such a "No >> more mail" link. Again, this is the best we can do to allow someone >> to remove their address. > > Nope. No good. You keep saying 'this is the best we can do' when that > is no where near good enough. I smell a dirty list. > >> 3. If the user gives us a completely wrong address or an address >> which goes to some SMTP sink, then it's hard for us to know that >> other than through parsing any reply back from the recipient ISP. >> Obviously the 'unsubscribe' link can't be clicked, but I don't see >> how we can realistically do anything but send a welcome message to >> the address the user gives us. Or do you think differently?? > > Yes. I think completely differently. We aren't even on the same page > because you are using euphemisms which mean exactly the opposite of > their language. You are using the word 'welcome' to indicate a demand > that some unwilling recipient is supposed to opt-out of getting any more > of something they never wanted. That's like calling a spam a 'welcome > to my spam' message. > >> 4. Now point 3 above makes the case for requiring a positive; "Yes >> thank you for the welcome Email and I confirm I want to continue >> receiving it" reply. This would prevent a second Email being sent to >> the same address if say it was some kind of sink (and so no >> bounce/non-delivery report would come back) unless the positive reply >> had been received. However, two issues: > > The confirmation mail when someone first subscribes to something must > contain no 'content' other than its own confirmation. > >> 4a. Although we can collect a positive confirmation 'by a unique >> token' it doesn't actually tell us that the person making that >> positive confirmation is the same person who gave us the address. > > It does if it is performed correctly. This is about email and an email > address. The confirmatory email is sent which requests the > confirmation. If the confirmation isn't received, the person isn't > subscribed and they get nothing else. That is confirming the > subscription by opting in, not out. > >> They could have given us a correct address for some other person and >> that other person, for whatever reason, clicked the 'I want to >> confirm my Opt-in' link. So we have a positive opt-in, but not from >> the right person > > I was speaking of emailing the confirmation. If a person is sent a > confirmation and they confirm, they are subscribed. Your imagining that > someone is going to optin to something they didn't want is far-fetched. > >> 4b. We could ensure that the confirmation was from the right person by >> making the person log back into the web service to make their >> confirmation. This ensures that the person who set up the Email also >> has access to the 'unique token' sent in the welcome message. So this >> is a high degree of verification, but also a high degree of nuisance >> for the user and our business manager's want to make the Email >> sign-up simple and quick and not to require re logins > > You can do it with a unique web login or you can do it with a unique > email reply. It can be done properly either way. > >> 4c. Even if we go through either a 'weak' verification (4a) or strong >> verification (4b) exercise of confirming the Email address and opt-in >> status, the Email address could at any point in time be deleted, >> suspended or otherwise become invalid without us knowing. At that >> point we would (unknowingly) continue to send Email to the >> positiviely verified address but which was no longer valid. > > There's also the issue of how to handle bounces for 'no longer valid'. > >> At that >> point we're pretty much in the same position as at point 2 in that >> we'd be sending Email to an ISP to an address that didn't exist/was >> invalid. So, if sending mail to invalid addresses is liable to get >> the sending domain blacklisted, then we're just as lilkely to be >> blacklisted at this point as we are at point 2. That then begs the >> question, what do we gain from the verification steps as the >> verification is only at a point in time and the address may become >> invalid for any number of reasons at any time and so we're into >> sending mail to non-existant mail addresses > > That sounds like some kind of lame excuse for the problems described at > the top. Your top part is a much bigger problem than this bottom part. > >> What I am therefore trying to work through - and I'm readin various >> other sources but thought I'd ask here - is what is 'best practice' >> and what ensure the department won't end up being blacklisted either >> due to deliberate action by someone (deliberately giving false mail >> addresses) or due to accidental input of an Email address or through >> an Email address lapsing/becoming invalid at some point after being >> verified. > > -- > Mike Easter > kibitzer, not SC admin > From ipmarketing at spamcop.net Wed Jan 12 16:44:03 2005 From: ipmarketing at spamcop.net (Iain) Date: Wed Jan 12 11:45:06 2005 Subject: [SC-Help] Re: Getting balcklisted References:

Message-ID: That is a very good idea - and one I've seen before - but an excellent idea. Thanks for it :-) "Mike Easter" wrote in message news:cs3jh1$ogs$1@news.spamcop.net... > Mike Easter wrote: >> You email the address a confirmation. In order to get any more >> information from you, the recipient of the email has to confirm that >> they received the email you sent and that they indeed /do/ want to get >> more mail from you regarding the issue in question. That confirmatory >> mail contains some way to indicate its uniqueness. > > In addition, that confirmatory mail can name the IP address of the > browser entrant of the email address which you have mailed the > confirmation item. The datestamp as well if you like. That way if > someone is going around causing trouble by entering bogus or spamtrap > information, they may get nabbed by the person bogus subscribed > notifying the provider for the IP address. > > Ratting out the bogus subscribers to mailing lists is a good thing; and > you can facilitate it by including the IP address of the browser > entering the wannabe subscriber address into your initiating webform. > > -- > Mike Easter > kibitzer, not SC admin > From ipmarketing at spamcop.net Wed Jan 12 16:48:28 2005 From: ipmarketing at spamcop.net (Iain) Date: Wed Jan 12 11:50:03 2005 Subject: [SC-Help] Re: Getting balcklisted References: